Vérification infections PC

Petitflo81 · le 17 Jan 2011 15:05

Bonjour,

Voici donc le dernier pc de la maison à vérifier pour l'instant. Je pense que celui-ci sera le plus infecté :-?

. Les rapports:
OTL Txt:

Code: Tout sélectionner: OTL logfile created on: 17/01/2011 14:54:06 - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Guillaume\Bureau Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 511,00 Mb Total Physical Memory | 158,00 Mb Available Physical Memory | 31,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 47,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38,28 Gb Total Space | 8,94 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Drive E: | 327,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: I-DZH2QIYJ039VL | User Name: Guillaume | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/01/17 14:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guillaume\Bureau\OTL.exe PRC - [2010/11/25 09:27:40 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010/11/25 09:26:16 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/09/24 08:25:08 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010/07/21 12:15:55 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe PRC - [2010/07/16 21:36:56 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/07/16 21:36:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010/07/16 21:34:52 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/12/17 23:14:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2009/12/15 14:15:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/05/29 10:37:02 | 000,654,336 | ---- | M] (Hercules) -- C:\Program Files\Hercules\WiFi Station\WiFiStation.exe PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2006/12/23 17:54:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe PRC - [2004/08/19 16:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/01/08 19:54:06 | 000,065,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2004/01/08 16:41:40 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/01/17 14:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guillaume\Bureau\OTL.exe MOD - [2004/08/19 16:07:58 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/07/21 12:15:55 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/07/16 21:36:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2006/12/23 17:54:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2004/01/08 16:41:40 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) SRV - [2003/07/28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010/07/16 21:37:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/07/16 21:35:08 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/06/04 11:57:51 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2006/12/21 19:25:20 | 000,429,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2004/04/01 08:56:00 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2004/04/01 08:56:00 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) DRV - [2004/01/28 16:37:46 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax) DRV - [2004/01/28 16:26:28 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2004/01/28 15:46:22 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2004/01/28 15:20:44 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) DRV - [2004/01/13 16:03:30 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\RecAgent.sys -- (RecAgent) DRV - [2004/01/09 16:17:02 | 000,601,100 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2003/12/11 16:54:14 | 000,391,424 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003/09/12 15:43:04 | 000,611,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 CF 78 14 1B 7D CA 01 [binary data] IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2009/12/17 23:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guillaume\Application Data\Mozilla\Extensions [2009/12/17 23:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guillaume\Application Data\Mozilla\Extensions\mozswing@mozswing.org O1 HOSTS File: ([2002/08/30 21:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-776561741-220523388-1801674531-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-776561741-220523388-1801674531-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe (Hercules) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll () O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Guillaume\Mes documents\guillaume\moi\elle\foto\200307.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Guillaume\Mes documents\guillaume\moi\elle\foto\200307.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/12/14 21:42:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [1999/09/26 01:30:52 | 000,000,980 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{923d4546-1b25-11e0-9e20-0008d338b1cf}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe O33 - MountPoints2\{923d4546-1b25-11e0-9e20-0008d338b1cf}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/01/17 14:52:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guillaume\Bureau\OTL.exe [2011/01/16 19:04:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Guillaume\Recent [2011/01/06 22:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guillaume\Mes documents\SAV [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/01/17 14:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guillaume\Bureau\OTL.exe [2011/01/17 14:45:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/01/17 14:38:46 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{14B4358F-522E-46A9-A1A8-37ED140FBE38}.job [2011/01/17 14:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/01/17 08:49:45 | 070,266,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/01/17 08:21:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/01/17 08:20:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/01/16 18:59:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/01/16 18:44:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Guillaume\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/16 18:37:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/10/07 10:11:19 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/06/24 16:47:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2010/06/14 14:39:19 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2010/06/14 14:39:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2009/12/16 22:17:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/12/15 23:52:07 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Guillaume\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/14 22:08:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/12/14 21:51:33 | 000,155,648 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2009/12/14 21:49:36 | 000,002,534 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/12/14 21:49:34 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009/12/14 21:32:46 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/09/12 15:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2003/04/01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1997/06/14 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll [color=#E56717]========== LOP Check ==========[/color] [2010/10/26 12:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/12/15 00:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/12/15 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2010/02/26 01:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\BitTorrent [2010/06/05 15:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Uniblue [2011/01/17 14:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2011/01/17 14:38:46 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{14B4358F-522E-46A9-A1A8-37ED140FBE38}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2010/10/07 11:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010/10/26 12:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/12/15 00:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/12/16 22:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2009/12/15 14:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2009/12/15 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2010/10/07 10:05:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2009/12/16 22:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero [2009/12/15 00:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2010/12/09 09:34:58 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [color=#A23BEC]< %APPDATA%\*. >[/color] [2010/10/07 10:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Adobe [2009/12/16 22:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Ahead [2010/02/26 01:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\BitTorrent [2010/01/04 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\CyberLink [2009/12/16 23:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\DivX [2009/12/15 14:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Google [2009/12/14 22:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Help [2009/12/14 21:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Identities [2009/12/14 23:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\InstallShield [2009/12/15 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Macromedia [2011/01/03 18:10:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Guillaume\Application Data\Microsoft [2009/12/17 23:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Mozilla [2009/12/17 23:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Sun [2010/06/05 15:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\Uniblue [2010/09/13 22:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guillaume\Application Data\vlc [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2002/08/30 21:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\cdrom.sys [2002/08/30 21:00:00 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys [2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\changer.sys [2004/08/03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys [2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys [2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\disk.sys [2002/08/30 21:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/19 16:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004/08/19 16:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll [2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\eventlog.dll [2002/08/30 21:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B1F4DD70AD2DF7B98C8323394D370B2A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/19 16:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\explorer.exe [2004/08/19 16:09:54 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2002/08/30 21:00:00 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=82FE0D400CB1AC937234467B927B867A -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ndis.sys [2002/08/30 21:00:00 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\netlogon.dll [2002/08/30 21:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=B05A56408A75A75345D399986751DDB7 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004/08/19 16:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2004/08/19 16:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll [2009/02/06 19:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 19:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2002/08/30 21:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2002/08/30 21:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2002/08/30 21:00:00 | 000,115,976 | ---- | M] (Microsoft Corporation) MD5=0606700377B6FB8B04475E92507ADADE -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\rdpwd.sys [2004/08/19 16:10:20 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2004/08/19 16:10:20 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\system32\drivers\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2002/08/30 21:00:00 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=11F7656C69DA4CFB022CEC5445A647E8 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2004/08/19 16:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2004/08/19 16:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll [2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys [2004/08/03 22:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2004/08/03 22:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\system32\drivers\sfloppy.sys [2002/08/30 21:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) MD5=4E1B8866F3D208DEE3906A191CB493E3 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys [2002/08/29 01:32:28 | 000,005,888 | ---- | M] (Microsoft Corporation) MD5=32C54211E9E8A45CBCB097BEAEB1999A -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\system32\drivers\splitter.sys [2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\swmidi.sys [2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\dllcache\swmidi.sys [2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\drivers\swmidi.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2002/08/30 21:00:00 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys [2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\tcpip.sys [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2004/08/03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2004/08/03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2002/08/30 21:00:00 | 000,011,144 | ---- | M] (Microsoft Corporation) MD5=1A96630BABBD59E8B885EAE0DFBE6A3E -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2004/08/19 16:10:20 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2004/08/19 16:10:20 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\system32\drivers\tdpipe.sys [2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\tdtcp.sys [2002/08/30 21:00:00 | 000,020,232 | ---- | M] (Microsoft Corporation) MD5=D1C578C6B37713694C5EDD7C2D7F7451 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [2004/08/19 16:10:20 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2004/08/19 16:10:20 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\system32\drivers\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2002/08/30 21:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2004/08/19 16:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys [2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\dllcache\usbscan.sys [2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\drivers\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/19 16:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2004/08/19 16:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\system32\userinit.exe [2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\userinit.exe [2002/08/30 21:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F4127A2A00825C69A870035DA1264AE0 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/19 16:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004/08/19 16:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\system32\winlogon.exe [2002/08/30 21:00:00 | 000,520,704 | ---- | M] (Microsoft Corporation) MD5=71820BC9EE6653C8748922459DFC384D -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

Petitflo81 · le 17 Jan 2011 15:11

Et Extras Txt:

Code: Tout sélectionner: OTL Extras logfile created on: 17/01/2011 14:54:06 - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Guillaume\Bureau Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 511,00 Mb Total Physical Memory | 158,00 Mb Available Physical Memory | 31,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 47,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38,28 Gb Total Space | 8,94 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Drive E: | 327,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: I-DZH2QIYJ039VL | User Name: Guillaume | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAB93551-3FFE-42B2-8315-96252BBC1036}" = Nero 7 Essentials "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}" = WiFi Station "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1F003CF-7EF2-4BE7-B8CC-27AB099CD038}" = Les Experts - Miami "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Age of Empires 2.0" = Microsoft Age of Empires II "All ATI Software" = ATI - Utilitaire de désinstallation du logiciel "ATI Display Driver" = ATI Display Driver "AVG9Uninstall" = AVG Free 9.0 "CCleaner" = CCleaner (remove only) "ie8" = Windows Internet Explorer 8 "Messenger Plus! Live" = Messenger Plus! Live "PulsPlayer" = PulsPlayer (remove only) "VLC media player" = VideoLAN VLC media player 0.8.6i "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinLiveSuite_Wave3" = Installation Windows Live "Yahoo! Companion" = Yahoo! Toolbar avec bloqueur de fenêtres pop-up "Yahoo! Toolbar" = Yahoo! Toolbar "YInstHelper" = Yahoo! Install Manager [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-776561741-220523388-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 11/01/2011 05:24:20 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.2180, module défaillant divxdec.ax, version 7.0.0.31, adresse de défaillance 0x00069ba9. Error - 11/01/2011 05:25:15 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.2180, module défaillant divxdec.ax, version 7.0.0.31, adresse de défaillance 0x00069ba9. Error - 11/01/2011 09:54:59 | Computer Name = I-DZH2QIYJ039VL | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 12/01/2011 14:53:48 | Computer Name = I-DZH2QIYJ039VL | Source = Application Hang | ID = 1002 Description = Application bloquée msnmsgr.exe, version 14.0.8089.726, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 14/01/2011 04:51:50 | Computer Name = I-DZH2QIYJ039VL | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 16/01/2011 13:46:01 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.2180, module défaillant divxdec.ax, version 7.0.0.31, adresse de défaillance 0x00069ba9. Error - 16/01/2011 13:46:42 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.2180, adresse de défaillance 0x0001295d. Error - 16/01/2011 13:57:22 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.2180, module défaillant divxdec.ax, version 7.0.0.31, adresse de défaillance 0x00069ba9. Error - 16/01/2011 13:58:50 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.2180, module défaillant divxdec.ax, version 7.0.0.31, adresse de défaillance 0x00069ba9. Error - 16/01/2011 13:59:40 | Computer Name = I-DZH2QIYJ039VL | Source = Application Error | ID = 1000 Description = Application défaillante explorer.exe, version 6.0.2900.2180, module défaillant divxdec.ax, version 7.0.0.31, adresse de défaillance 0x00069ba9. < End of report >

Je viens de remarquer quelque chose sur ce pc, je ne sais pas si c'est lié à une infection mais il m'est impossible d'installer le SP3 de XP ! Si je me rappelle bien ça affiche une erreur pendant l'extraction des fichiers comme quoi certains dossiers ne peuvent pas être copiés ?? Je ne comprend pas pourquoi alors que le SP2 c'était installé sans problème ! Si vous avez une idée...

Merci d'avance à vous tous

.

bernard53 · le 17 Jan 2011 21:25

bonsoir

Fait ceci.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-776561741-220523388-1801674531-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
:Files
C:\Program Files\Ask.com
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
:Commands
[emptytemp]

* Cliques sur l'icône Correction (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport s'ouvrir "OTL.Txt"
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
http://www.cijoint.fr/index.php

Ensuite::

Installe Malewarebytes' Antimalware,
Téléchargement

*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.

Puis, ceci pour mettre Java à jour.

** Télécharge JavaRA

**Aide en images

Puis tu as deux ID de signalé code 1001 et 1002.

Regarde ceci si cela peux te guider.

http://www.eventid.net/display.asp?eventid=1000

et

http://www.eventid.net/display.asp?eventid=1002

Petitflo81 · le 18 Jan 2011 00:32

Bonsoir bernard53,

Ok je vais essayer de faire ça dès que je peux, comme ce n'est pas mon PC et qu'il s'en sert. Il y a beaucoup d'infections dessus ?
Par contre je n'ai pas bien compris cette histoire de ID 1001 et 1002 ? De quoi s'agit il exactement, peux tu me renseigner ?

Merci à toi et bonne nuit à tous !

Petitflo81 · le 18 Jan 2011 11:56

Bonjour,

Alors voici les rapports:
OTL:

Code: Tout sélectionner: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-776561741-220523388-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found. Registry value HKEY_USERS\S-1-5-21-776561741-220523388-1801674531-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully. C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found. Registry value HKEY_USERS\S-1-5-21-776561741-220523388-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-776561741-220523388-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found. File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found. Starting removal of ActiveX control DirectAnimation Java Classes Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found. File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\ not found. ========== FILES ========== C:\Program Files\Ask.com folder moved successfully. C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Guillaume ->Temp folder emptied: 12081977 bytes ->Temporary Internet Files folder emptied: 18123349 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 434 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2889632 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1139202 bytes %systemroot%\System32 .tmp files removed: 3072 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 51775 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 56369 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 33,00 mb OTL by OldTimer - Version 3.2.20.2 log created on 01182011_102544 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Guillaume\Local Settings\Temp\~DF413A.tmp not found! File\Folder C:\Documents and Settings\Guillaume\Local Settings\Temp\~DF4E33.tmp not found! C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\Content.IE5\HGZLZPNU\ads[9].htm moved successfully. C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\Content.IE5\C3AQBO5L\iframescript[1].htm moved successfully. C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\Content.IE5\C3AQBO5L\verification-infections-pc-vt-55439[1].html moved successfully. C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\Content.IE5\2IIR9836\ads[6].htm moved successfully. C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully. Registry entries deleted on Reboot...

et celui de Malwarebytes mais je suis surpris qu'il n'est rien trouvé:

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 5544 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 18/01/2011 11:29:56 mbam-log-2011-01-18 (11-29-56).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 185331 Temps écoulé: 56 minute(s), 57 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Pour Java une mise à jour s'est installée après que j'ai posté mon premier message, dois je quand même faire ce que tu m'as indiqué ?
As tu une idée pour l'erreur d'installation du SP3 ?

Merci et tiens moi au courant pour la suite, a+

.

bernard53 · le 18 Jan 2011 12:42

Bonjour

Pas de soucis pour Java tu peux juste passer JavaRa pour supprimer les versions caduc qui sont restées sur le pc.

Pour les ID je t'ai mis ces infos justement au sujet du SP3 mais sans trop y croire. Je voulais de l'indiquer quand même.

Sinon pour ton SP3 as tu fait ton téléchargement manuel?
http://www.microsoft.com/downloads/fr-f ... 22559d164e

Fait une vérification des erreurs sur le DD et fait un nettoyage du disque avant ton installation.
il faut tenter aussi de faire une installation de celui ci sans l'antivirus.

Petitflo81 · le 18 Jan 2011 14:44

Re,

C'est bon le SP3 s'est installé ! J'avais déja passé un coup de Ccleaner avant d'essayer la première fois mais sans succès, et là je ne sais pas si c'était dû à un virus ou à cause de l'antivirus que j'ai désactivé avant l'installation mais ça a fonctionné

.
Ce pc était il beaucoup infecté ? Reste t'il quelque chose à y faire ?

Merci beaucoup pour l'aide apportée

.

bernard53 · le 18 Jan 2011 20:00

Très bien pour le SP3 :wink:

non le pc n'était pas beaucoup infecté.

Pour moi c'est bon, et pour toi comment va le pc?

Si tout va bien.

Fait ceci pour supprimer les logiciels qui ont servis à cette désinfection.

Télécharge << DelFix >> de Xplode pour supprimer les logiciels qui ont servis a cette désinfection.

* Lance-le.

* A l'invite, [Suppression] ()

* Un rapport va s'ouvrir à la fin, colle le dans la réponse

Ensuite pour le désinstaller ; tu relances et tu passes à l'option [Désinstallation]

Puis:

Maintenant on va mettre la restauration du système propre.

Cliquez avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés
ou touche "Windows+Pause"
Cliquez sur l'onglet Restauration du système

Sélectionnez Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs.

Cliquez sur Appliquer puis OUI dans la fenêtre suivante.

Attendre quelques instants puis :

activer la restauration du système de nouveau.

Cliquez avec le bouton droit sur Poste de travail, puis cliquez sur Propriétés
ou touche "Windows+Pause"
Cliquez sur l'onglet Restauration du système

Désélectionnez Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs»

Maintenant on crée un nouveau point de restauration.

Démarrer—Exécuter—ou touche "Windows+R" et tapes:

%SystemRoot%\System32\restore\rstrui.exe

Puis coche " Créer un point de restauration" que tu nommes PC- Clean. Valide.

Vous pouvez maintenant fermer toutes les fenêtres.

Petitflo81 · le 19 Jan 2011 00:18

Bonsoir,

Alors le pc à l'air d'aller bien

, bon il n'est pas trop rapide mais c'est normal car il est un peu pauvre en mémoires.

J'ai bien effectué DelFix mais excuse moi je n'ai plus pensé au rapport :-?

, bon ce n'est pas grave ça mettait juste que les éléments de OTL avaient bien été supprimé.

Bon voilà on a fait le tour de tous les pc actuellement utilisés sur le net. Il reste celui de mes parents mais ils n'ont pas internet pour l'instant donc ça sera pour une prochaine fois.

Merci beaucoup d'avoir pris de ton temps pour m'aider à effectuer toutes ces désinfections

et peut être à bientôt

!

bernard53 · le 19 Jan 2011 12:46

Bonne journée Petitflo81 :wink:

Vérification infections PC

Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Re: Vérification infections PC

Sujets similaires

Qui est en ligne