[Réglé] ++++ LA POSSESSION : LE RETOUR !!! ++++ • page 2

jeanmimigab · le 30 Aoû 2010 13:08

re,

je t'ai fais un petit programme...

télécharge jm_pcscope.exe sur ta clef USB et un fois la clef branchée sur le pc infecté, fait un double clis sur jm_pcscope.exe

ensuite ouvre le gestionnaire des taches ,cliques sur "nouvelle tache" et que tu tape explorer.exe >> cliques sur "OK", est ce que ton bureau réapparait ?

pcscope · le 30 Aoû 2010 13:30

Hélas, non : même message... :-?

Ceci dit, le programme pcscope j'ai dû aussi l'ouvrir via le gestionnaire des tâches (en tapant parcourir et OK)

En fait, explorer.exe a vraiment disparu ?

C'est pas possible de le réinstaller?

jeanmimigab · le 30 Aoû 2010 13:38

zut, j'ai fais une erreur dans le code... :roll:

supprime le fichier jm_pcscope.exe que tu as téléchargé tout à l'heure...
re-télécharge la nouvelle version de jm_pcscope.exe sur ta clef USB et un fois la clef branchée sur le pc infecté, fait un double clic sur jm_pcscope.exe

ensuite ouvre le gestionnaire des taches ,cliques sur "nouvelle tache" et que tu tape explorer.exe >> cliques sur "OK", est ce que ton bureau réapparait cette fois ci ????

pcscope · le 30 Aoû 2010 13:55

YESSSSS !!! Ça marche !

T'es un as !!!

Déjà merci mais qu'est-ce qu'on fait maintenant parce que à l'instant où les icônes ont réapparu, j'ai eu un message d'AVIRA me disant: un ou plusieurs programmes indésirables ont été trouvés

Qu'est ce que je coche ?

- Refuser l'accès
- Mettre en quarantaine
- Supprimer

ou alors, je ne fais rien ???

PS; c'est dans explorer.exe que se trouve le cheval de Troie TR/Spy.1037824.6

jeanmimigab · le 30 Aoû 2010 14:02

le fichier explorer.exe infecté se trouve à quel emplacement exactement??

pcscope · le 30 Aoû 2010 14:05

La seule info que j'ai c'est:

C:/WINDOWS/explorer.exe

:wink:

ATTENTION: Actuellement, si j'essaie de cliquer sur une icône, ça ne fonctionne pas et un autre message d'alerte semblable apparait.

jeanmimigab · le 30 Aoû 2010 14:10

hummm, j'espère que le fichier ne se fait pas patché dès que la copie s'effectue...
met en quarantaine.....et si le bureau disparait relance jm_pcscope.exe et relance à nouveau explorer.exe avec le gestionnaire des taches

pcscope · le 30 Aoû 2010 14:20

Pour l'instant, tout va bien !

J'ai mis en quarantaine et j'ai accès à toutes les icônes...

Plus de message d'infection... Le suspens est total ! :lol:

Qu'est-ce qu'on fait ?

jeanmimigab · le 30 Aoû 2010 14:32

fais le fix avec OTL en cliquent sur "correction" après avoir copier/coller cette citation dans la fenêtre d'OTL et poste le rapport

:Files
C:\Documents and Settings\Famille\Local Settings\temp\mcoaernwsx.tmp
C:\Documents and Settings\Famille\Local Settings\temp\nmecsroxwa.tmp
C:\Documents and Settings\Famille\Local Settings\temp\wramxseonc.tmp
C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79
C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk
C:\BTGUARD
C:\WINDOWS\System32\gthrctr.ini
C:\WINDOWS\System32\idxcntrs.ini
C:\WINDOWS\System32\gsrvctr.ini

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
FF - prefs.js..network.proxy.type: 0
O4 - HKLM\..\Run: [mcoaernwsx.tmp] C:\Documents and Settings\Famille\Local Settings\temp\mcoaernwsx.tmp ()
O4 - HKLM\..\Run: [nmecsroxwa.tmp] C:\Documents and Settings\Famille\Local Settings\temp\nmecsroxwa.tmp ()
O4 - HKLM\..\Run: [wramxseonc.tmp] C:\Documents and Settings\Famille\Local Settings\temp\wramxseonc.tmp ()
O4 - HKU\S-1-5-21-2917347797-3027105718-829246846-1008\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79\mediafix70700en02.exe (MS)
O4 - Startup: C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
[2008/05/26 23:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]

pcscope · le 30 Aoû 2010 15:01

Aghhhh!!!

Dés que j'ai voulu lancer la correction d'OTL, le message d'infection est apparu.

OTL s'est bloqué à nouveau...

Quand j'ai mis en quarantaine le bureau a redisparu... :-?

Maintenant, même avec le programme pcscope, le bureau ne réapparait plus....PFFFF!!!!

jeanmimigab · le 30 Aoû 2010 15:09

bon, c'est du coriace...on va devoir passer par un live CD...

L'avantage est que l'on vas sanner ton pc avec Windows (donc le rootkit) à l'arrêt :wink:

fais cela stp...

Insère un CD (ou un DVD) vierge dans ton graveur...si une fenêtre s'ouvre te demandant ce que tu veux faire, ferme cette fenêtre.

Télécharge OTLPENet.iso sur ton bureau.
Insère un CD vierge dans ton graveur, si une fenêtre s'ouvre te demandant ce que tu veux faire, ferme cette fenêtre.
Fais un double-clic sur l'icône d'OTLPENet.iso et suis les instructions pour graver le CD/DVD automatiquement

Note : Le CD gravé, vous devez maintenant redémarrer votre machine sur le lecteur CDROM

Si ton pc ne boot pas automatiquement sur le CD, je t'invite sur ce lien : http://forum.malekal.com/booter-sur-dvd-t9447.html
= Le setup se charge en RAM

= Une fois le CD lancé Windows se charge (comptez 15 à 20 minutes) vous arrivez sur le bureau REATOGO-X-PE

= Double cliquer sur OTLPE

= Une fenêtre s'ouvre : Do you wish to load the remote registry ; Cliquez sur YES

= Une seconde : Do you wish to load remote user profile(s) for scanning ;choisis ta session et Clique sur YES

= Veillez à ce que la case "Automatically Load All Remaining Users" soit cochée et cliquez sur "OK"

=OTL se lance tu arrives sur cette fenêtre

Tu utilises une clé usb pour sauver le contenu du cadre ci dessous dans un fichier bloc notes , afin de le retrouver facilement
et de le coller ensuite sous" Custom Scan box"

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
fltmgr.sys
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
disk.sys
ndis.sys
mountmgr.sys
aec.sys
rasacd.sys
redbook.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

* cliques Run Scan pour démarrer le scan.
* une fois terminé , le fichier se trouve là C:\OTL.txt
* copie_colle le sur ta clef USB et poste son contenu dans ta prochaine réponse :wink:

pcscope · le 30 Aoû 2010 17:55

Ca y est ! Comme ça, c'est plus facile mais ça nous mène où tout ça ?

Voilà le rapport...Sacrée tartine !

Code: Tout sélectionner: OTL logfile created on: 8/30/2010 7:14:01 PM - Run OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.11) Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy 511.00 Mb Total Physical Memory | 299.00 Mb Available Physical Memory | 59.00% Memory free 463.00 Mb Paging File | 335.00 Mb Available in Paging File | 72.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.27 Gb Total Space | 6.71 Gb Free Space | 18.02% Space Free | Partition Type: NTFS Drive D: | 23.59 Gb Total Space | 8.92 Gb Free Space | 37.79% Space Free | Partition Type: NTFS Drive E: | 13.65 Gb Total Space | 8.53 Gb Free Space | 62.45% Space Free | Partition Type: FAT32 Drive F: | 1.91 Gb Total Space | 1.21 Gb Free Space | 63.60% Space Free | Partition Type: FAT Drive G: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet004 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2009/11/14 07:48:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/08/02 15:37:45 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009/07/21 08:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/05/13 10:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2007/01/31 08:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2006/11/03 13:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/08/01 19:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2006/08/01 19:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2006/08/01 19:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/06/20 03:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2002/09/19 17:41:02 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR) SRV - [2002/09/19 17:29:30 | 000,053,248 | ---- | M] (Computer Associates) [Auto] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch) SRV - [2002/09/19 17:27:06 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT) SRV - [2001/11/12 09:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\WudfPf.sys -- (WudfPf) DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\Wbutton.sys -- (Wbutton) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009/11/25 06:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 04:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 04:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/03/26 20:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2009/02/13 06:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/08/14 02:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs) DRV - [2008/04/13 14:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 14:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2007/05/22 22:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007/05/10 21:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007/03/05 00:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007/03/04 23:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007/03/04 23:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007/03/04 23:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007/03/04 23:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2007/01/12 14:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006/08/01 20:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006/07/10 12:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2006/07/05 08:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006/06/29 14:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R) DRV - [2006/06/14 10:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005/05/19 10:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004/07/19 12:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2004/07/17 16:11:26 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004/07/13 20:00:26 | 000,067,968 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004/05/26 09:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2004/02/26 18:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004/02/24 05:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2004/01/20 17:56:56 | 000,077,925 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53) DRV - [2004/01/20 17:56:30 | 001,086,853 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51) DRV - [2004/01/20 17:55:34 | 000,619,369 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52) DRV - [2004/01/20 17:54:54 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt) DRV - [2003/12/05 12:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003/07/25 08:28:16 | 000,270,544 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) DRV - [2001/11/14 14:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF) DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\Administrateur_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/ IE - HKU\Administrateur_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Famille_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = IE - HKU\Famille_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Famille_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ IE - HKU\Famille_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\Famille_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Famille_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\Famille_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 14:34:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/24 16:09:23 | 000,000,000 | ---D | M] [2010/04/02 14:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/01 16:05:31 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/01 16:05:31 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/01 16:05:31 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/07/01 16:05:31 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/01 16:05:31 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2010/08/16 06:15:56 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found. O3 - HKU\Famille_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Famille_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\Famille_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - Reg Error: Value error. File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [mcoaernwsx.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\mcoaernwsx.tmp File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [nmecsroxwa.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\nmecsroxwa.tmp File not found O4 - HKLM..\Run: [PCMService] C:\Program Files\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [wramxseonc.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\wramxseonc.tmp File not found O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\Famille_ON_C..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79\mediafix70700en02.exe File not found O4 - HKU\Famille_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Famille_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Famille_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092937461363 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Fond d'écran.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Fond d'écran.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/30 00:36:20 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ] O32 - AutoRun File - [2006/05/11 18:13:39 | 000,000,279 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: ip6fw.sys - Driver SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.0.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.0.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6F9FF330-7AA2-A7F4-99CF-7666F65608A8} - Rendu VML (Vector Graphics Rendering) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D02B7508-D77F-A700-3615-C53A0EE1115C} - Outlook Express ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {E95B851E-A712-70E8-1992-568FA2255338} - Internet Explorer ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.mp42 - mpg4c32.dll File not found Drivers32: vidc.mp43 - mpg4c32.dll File not found Drivers32: vidc.mpg4 - mpg4c32.dll File not found Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/08/30 09:50:56 | 000,000,000 | ---D | C] -- C:\_OTL [2010/08/30 09:49:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe [2010/08/30 08:46:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/08/30 08:45:59 | 001,037,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe [2010/08/30 05:54:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Famille\Mes documents\OTL.exe [2010/08/30 05:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\_OTL [2010/08/28 20:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Affaire Virus 29 aout [2010/08/28 16:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Local Settings\Application Data\Windows Server [2010/08/27 11:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Téléchargements [2010/08/26 14:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Gestion PC [2010/08/26 11:58:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Famille\Recent [2010/08/26 09:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Bureau\Affiches [2010/08/19 16:55:27 | 000,000,000 | ---D | C] -- C:\CSysFiles [2010/08/19 16:46:27 | 000,000,000 | ---D | C] -- C:\Medion [2010/08/18 04:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Famille\Mes documents\Téléchargements [2010/08/16 08:22:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/08/16 06:14:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies [2010/08/16 05:39:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/23 08:31:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Famille\Application Data\pcouffin.sys [2004/01/01 11:10:25 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/08/30 11:52:41 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/08/30 11:52:41 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/08/30 11:52:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/08/30 11:52:24 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Famille\NTUSER.DAT [2010/08/30 11:52:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/08/30 11:52:15 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Famille\ntuser.ini [2010/08/30 10:07:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2010/08/30 05:23:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/08/30 05:22:39 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys [2010/08/28 17:41:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Raccourci vers Poste de travail.lnk [2010/08/28 11:40:22 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/27 14:55:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010/08/27 11:18:28 | 000,036,869 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Ebay UK.htm [2010/08/27 11:17:12 | 000,068,286 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Ebay France.htm [2010/08/27 11:16:24 | 000,078,014 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\EbayUSA.htm [2010/08/27 11:14:39 | 000,041,450 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Yahoo mail.htm [2010/08/27 11:13:25 | 000,012,347 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Hotmail.htm [2010/08/27 11:11:34 | 000,037,616 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Ebay allemagne.htm [2010/08/27 11:08:41 | 000,147,339 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\Ebay Belgique.htm [2010/08/27 10:43:55 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\PC banking.url [2010/08/26 12:17:02 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181631Cles supprimées emplacement d'applications.reg [2010/08/26 12:15:23 | 000,003,056 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181453 Clés sup. Bibliothèques de type.reg [2010/08/26 12:14:10 | 000,033,482 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181313 clés supprimées activeX et classes invalides.reg [2010/08/26 12:12:36 | 000,003,324 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181123 clés supprimées DLL partagées.reg [2010/08/26 12:04:34 | 000,009,768 | ---- | M] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_180319.reg [2010/08/24 12:09:05 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job [2010/08/24 12:09:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job [2010/08/19 16:54:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/08/18 15:08:18 | 000,021,638 | ---- | M] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat [2010/08/17 14:55:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job [2010/08/16 16:43:09 | 001,439,221 | ---- | M] () -- C:\Documents and Settings\Famille\Bureau\1OK.psd [2010/08/16 06:15:56 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/08/16 05:57:26 | 000,000,253 | ---- | M] () -- C:\WINDOWS\system.ini [2010/08/16 05:56:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak [2010/08/11 21:46:55 | 002,127,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/11 21:17:37 | 001,099,590 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/08/11 21:17:37 | 000,529,198 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/08/11 21:17:37 | 000,437,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/08/11 21:17:37 | 000,092,700 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/08/11 21:17:37 | 000,070,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/08/01 07:26:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Mes documents\OTL.exe [2010/08/01 07:26:04 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Famille\Bureau\OTL.exe [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/08/30 05:22:39 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys [2010/08/28 17:41:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Raccourci vers Poste de travail.lnk [2010/08/27 11:18:28 | 000,036,869 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Ebay UK.htm [2010/08/27 11:17:12 | 000,068,286 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Ebay France.htm [2010/08/27 11:16:24 | 000,078,014 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\EbayUSA.htm [2010/08/27 11:14:39 | 000,041,450 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Yahoo mail.htm [2010/08/27 11:13:24 | 000,012,347 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Hotmail.htm [2010/08/27 11:11:33 | 000,037,616 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Ebay allemagne.htm [2010/08/27 11:08:41 | 000,147,339 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\Ebay Belgique.htm [2010/08/27 10:43:53 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\PC banking.url [2010/08/26 12:17:00 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181631Cles supprimées emplacement d'applications.reg [2010/08/26 12:15:19 | 000,003,056 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181453 Clés sup. Bibliothèques de type.reg [2010/08/26 12:14:04 | 000,033,482 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181313 clés supprimées activeX et classes invalides.reg [2010/08/26 12:12:03 | 000,003,324 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_181123 clés supprimées DLL partagées.reg [2010/08/26 12:03:30 | 000,009,768 | ---- | C] () -- C:\Documents and Settings\Famille\Mes documents\cc_20100826_180319.reg [2010/08/24 12:09:03 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job [2010/08/16 16:43:06 | 001,439,221 | ---- | C] () -- C:\Documents and Settings\Famille\Bureau\1OK.psd [2010/04/08 14:28:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/08 14:28:58 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\fusioncache.dat [2010/04/08 14:28:54 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Administrateur\ntuser.dat.LOG [2010/04/08 14:28:54 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Administrateur\ntuser.ini [2010/04/08 14:28:53 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT [2010/03/04 09:28:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Famille\PUTTY.RND [2010/02/11 16:17:29 | 000,060,643 | ---- | C] () -- C:\Documents and Settings\Famille\Menu Démarrer.rar [2010/01/28 08:36:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI [2009/11/18 14:13:49 | 002,693,555 | ---- | C] () -- C:\Program Files\btguard-1-00.exe [2009/10/23 09:17:48 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/10/23 09:17:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/10/23 08:31:29 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\ezpinst.exe [2009/10/23 08:31:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.cat [2009/10/23 08:31:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.inf [2009/10/23 08:31:29 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\pcouffin.log [2009/10/21 05:59:30 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/08/26 09:17:21 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL [2009/08/10 15:03:27 | 000,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll [2009/08/01 13:07:43 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Famille\Application Data\SystemConfiguration [2009/01/03 11:36:27 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI [2007/03/26 16:25:56 | 000,002,210 | ---- | C] () -- C:\WINDOWS\coolmp3.ini [2006/09/17 10:07:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dprsx.dll [2006/09/17 10:07:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\gpvbd.dll [2006/09/17 10:07:08 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\AuthDVD.DLL [2006/07/28 17:46:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\coolacm.ini [2006/07/28 14:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI [2006/07/28 14:33:19 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini [2006/07/28 14:33:16 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini [2006/07/28 14:30:00 | 000,009,973 | ---- | C] () -- C:\WINDOWS\COOL.INI [2005/04/11 17:11:13 | 000,011,270 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/04/09 09:17:40 | 000,001,573 | ---- | C] () -- C:\Program Files\qsetup.html [2005/03/07 10:51:06 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat [2005/02/27 13:10:30 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll [2005/02/27 13:10:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2005/01/08 06:46:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2004/12/20 05:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004/12/20 05:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004/12/05 17:50:53 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2004/10/28 09:41:23 | 000,001,557 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2004/10/27 12:10:59 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpcsys.sys.bak [2004/10/27 11:54:16 | 000,021,638 | ---- | C] () -- C:\Documents and Settings\Famille\Application Data\wklnhst.dat [2004/10/27 03:35:46 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/10/27 03:35:46 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Famille\Local Settings\Application Data\fusioncache.dat [2004/10/27 03:35:44 | 007,077,888 | ---- | C] () -- C:\Documents and Settings\Famille\NTUSER.DAT [2004/10/27 03:35:44 | 000,827,392 | ---- | C] () -- C:\Documents and Settings\Famille\ntuser.dat.LOG [2004/10/27 03:35:44 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Famille\ntuser.ini [2004/09/19 10:53:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/09/19 08:48:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/09/01 11:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004/08/20 06:30:23 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini [2004/08/19 17:58:38 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/08/19 14:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2004/08/19 13:30:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2004/08/19 11:37:22 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/08/19 11:08:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2004/08/19 11:06:44 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2004/08/19 11:00:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004/08/19 09:56:42 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/19 09:44:08 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004/08/19 09:18:15 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2004/08/19 09:18:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG [2004/08/19 09:18:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini [2004/08/19 09:18:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini [2004/08/19 09:18:13 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2004/08/19 09:18:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG [2004/01/14 01:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2004/01/01 11:10:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2004/01/01 11:03:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2004/01/01 10:54:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [color=#E56717]========== LOP Check ==========[/color] [2004/09/19 09:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander [2004/11/14 14:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ACD Systems [2010/03/03 07:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\CheckPoint [2009/11/11 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\com.adobe.ExMan [2009/04/08 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\LEAPS [2010/03/25 13:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\NCH Swift Sound [2009/12/23 12:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Nikon [2009/10/27 13:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Opera [2005/04/05 19:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\ThumbsPlus [2010/04/20 17:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Uniblue [2010/08/18 05:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\uTorrent [2010/07/26 12:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Vso [2009/11/23 07:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\VTC Preferences Folder [2005/02/20 16:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\WholeSecurity [2009/01/05 07:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Desktop Search [2009/01/06 15:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Famille\Application Data\Windows Search [2009/04/01 08:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\X10 Commander [2010/08/30 10:07:16 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010/08/17 14:55:02 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job [2010/08/24 12:09:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job [2010/08/24 12:09:05 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AEC.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:aec.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys [2006/02/14 20:30:07 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ERDNT\cache\aec.sys [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\dllcache\aec.sys [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004/08/03 19:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/05 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/05 08:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/05 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/05 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=4D904227A19AC7462DCCE0D88FFB11BA -- C:\WINDOWS\LastGood\explorer.exe [2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=4D904227A19AC7462DCCE0D88FFB11BA -- C:\WINDOWS\system32\dllcache\explorer.exe [2007/06/13 09:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: FLTMGR.SYS >[/color] [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) MD5=3D234FB6D6EE875EB009864A299BEA29 -- C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys [2006/08/21 05:43:32 | 000,128,768 | ---- | M] (Microsoft Corporation) MD5=5A85CD3D07273E3F6FE72EE9C6431632 -- C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) MD5=B2CF4B0786F8212CB92ED2B50C6DB6B0 -- C:\WINDOWS\system32\drivers\fltmgr.sys [color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color] [2004/08/05 08:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys [color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:mrxsmb.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys [2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys [2008/10/24 07:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys [2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys [2008/10/24 07:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys [2008/10/24 07:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys [2006/05/05 06:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys [2005/01/18 23:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys [2004/10/27 21:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys [2008/10/24 07:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys [2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/05 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/05 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/05 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2004/08/05 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: REDBOOK.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:redbook.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/03 20:39:44 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/13 21:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/13 21:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/05 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< MD5 for: TERMDD.SYS >[/color] [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:termdd.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys [2004/08/05 08:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:termdd.sys [2009/01/05 05:34:21 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys [2008/04/13 22:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys [2008/04/13 22:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys [2004/08/03 18:55:12 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/05 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WIN32K.SYS >[/color] [2008/04/13 21:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys [2010/05/02 04:02:25 | 001,860,480 | ---- | M] (Microsoft Corporation) MD5=117089D35359DD8FE8054DA17AC6EE19 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys [2005/10/05 23:12:57 | 001,839,616 | ---- | M] (Microsoft Corporation) MD5=1D0E52F9F1A0B1D0A6A9C1A3B2F4EB34 -- C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys [2007/03/08 11:45:59 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=24B0EF79632899E1831BD052F53A8A24 -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys [2009/08/14 11:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys [2008/09/15 11:14:42 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=4B7F71D24D215A79400C947EE9C9AF7B -- C:\WINDOWS\$hf_mig$\KB954211\SP2QFE\win32k.sys [2008/03/20 03:56:50 | 001,846,016 | ---- | M] (Microsoft Corporation) MD5=76DB0C82A525036299B3E195479B4DF1 -- C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys [2005/03/02 14:13:08 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=7EC7E0B304C1D7F73E9B6C4977952220 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys [2008/09/15 11:26:07 | 001,846,528 | ---- | M] (Microsoft Corporation) MD5=9F1A0FB5BD8ACECC6CB0A9130BD8F3C3 -- C:\WINDOWS\$hf_mig$\KB954211\SP3GDR\win32k.sys [2009/02/09 09:59:50 | 001,847,680 | ---- | M] (Microsoft Corporation) MD5=A06AF7F6B26F2BDEFB0961D4641D6453 -- C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys [2009/04/19 15:42:34 | 001,847,936 | ---- | M] (Microsoft Corporation) MD5=A4CB910DA61C2AB50D1D4E15CDA48D32 -- C:\WINDOWS\$hf_mig$\KB968537\SP3QFE\win32k.sys [2008/09/15 11:20:39 | 001,847,040 | ---- | M] (Microsoft Corporation) MD5=AC230363E6F0021E3F8336990F348A87 -- C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys [2010/06/24 05:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\system32\dllcache\win32k.sys [2010/06/24 05:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\system32\win32k.sys [2010/06/24 17:29:54 | 001,861,248 | ---- | M] (Microsoft Corporation) MD5=F1AEB1184052F4598390CE4CD638CA14 -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys [2008/09/15 11:39:16 | 001,846,144 | ---- | M] (Microsoft Corporation) MD5=F5FEFC4A30A7B234F62E4339E0FEE476 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2008/06/20 13:47:22 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll [2010/06/24 08:17:24 | 006,067,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll [2010/06/24 08:17:24 | 000,268,288 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\iertutil.dll [2008/04/13 22:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll [2008/04/13 22:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll [2008/04/13 22:33:38 | 000,023,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\psapi.dll [2010/07/27 02:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2004/08/19 11:04:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2004/08/19 11:04:05 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2004/08/19 11:04:05 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < End of report >

jeanmimigab · le 30 Aoû 2010 19:37

hello,

copie la citation ci-dessous dans un document.txt que tu mettras sur ta clef USB

:Files
C:\WINDOWS\LastGood\explorer.exe | C:\WINDOWS\ERDNT\cache\explorer.exe /replace
C:\WINDOWS\system32\dllcache\explorer.exe | C:\WINDOWS\ERDNT\cache\explorer.exe /replace
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe | C:\WINDOWS\ERDNT\cache\explorer.exe /replace
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe | C:\WINDOWS\ERDNT\cache\explorer.exe /replace
C:\Documents and Settings\Famille\Local Settings\temp\mcoaernwsx.tmp
C:\Documents and Settings\Famille\Local Settings\temp\nmecsroxwa.tmp
C:\Documents and Settings\Famille\Local Settings\temp\wramxseonc.tmp
C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79
C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk
C:\BTGUARD
C:\WINDOWS\System32\gthrctr.ini
C:\WINDOWS\System32\idxcntrs.ini
C:\WINDOWS\System32\gsrvctr.ini

:OTL
IE - HKU\Famille_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Famille_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\Famille_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
O4 - HKLM\..\Run: [mcoaernwsx.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\mcoaernwsx.tmp File not found
O4 - HKLM\..\Run: [nmecsroxwa.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\nmecsroxwa.tmp File not found
O4 - HKLM\..\Run: [wramxseonc.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\wramxseonc.tmp File not found
O4 - HKU\Famille_ON_C\..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79\mediafix70700en02.exe File not found
O32 - AutoRun File - [2010/08/30 00:36:20 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/05/11 18:13:39 | 000,000,279 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
ActiveX: {E95B851E-A712-70E8-1992-568FA2255338} - Internet Explorer

branche ta clef USB sur le pc infecté (toujours en étant sous le LiveCD)....relance OTLPE et fais un copier/coller du contenu de la citation dans la fenêtre d'OTLPE et cliques sur "Run Fix"
Ferme OTLPE
Éteint le liveCD
redémarre ton pc en mode normal et reconnecte toi au web.....

Immédiatement après fais cela....

Télécharge WinFileReplace de Loup_Blanc sur ton bureau

Fermez tous les programmes et double-cliquez sur l'icône WinFileReplace
Au lancement un menu apparaît et vous devez choisir la langue du programme.
Appuyez sur la touche F puis Entrée pour mettre le programme en Français.
Le programme se lance et vérifie votre version de Windows.
Le bloc-note s'ouvre, fais un copier/coller de la citation ci-dessous à l'intérieure

c:\windows\system32\drivers\lbrtfdc.sys
c:\windows\system32\drivers\Changer.sys
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\drivers\asyncmac.sys
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\kbdclass.sys
c:\windows\system32\drivers\ndis.sys
c:\windows\system32\drivers\ntfs.sys
c:\windows\system32\drivers\null.sys
c:\windows\system32\drivers\tcpip.sys
c:\windows\system32\browser.dll
c:\windows\system32\lsass.exe
c:\windows\system32\netman.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\services.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\comctl32.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\es.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\scecli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\svchost.exe
c:\windows\system32\tapisrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\userinit.exe
c:\windows\system32\ws2_32.dll
c:\windows\explorer.exe
c:\windows\system32\srsvc.dll
c:\windows\system32\wscntfy.exe
c:\windows\system32\xmlprov.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\sfcfiles.dll
c:\windows\system32\ctfmon.exe
c:\windows\system32\shsvcs.dll
c:\windows\system32\regsvc.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\drivers\acpiec.sys
c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\agp440.sys
c:\windows\system32\drivers\ip6fw.sys
c:\windows\system32\mfc40u.dll
c:\windows\system32\msgsvc.dll
c:\windows\system32\mspmsnsv.dll
c:\windows\system32\ntmssvc.dll
c:\windows\system32\upnphost.dll

Fermez le bloc-note et cliquez sur "enregistrer" pour valider .
Le service pack correspondant à votre système va être alors téléchargé.
Ceci peut prendre plusieurs minutes selon la vitesse de connexion
(le % d'avancement du téléchargement apparaît en haut de la fenêtre).
Vous devez ensuite accepter le contrat d'utilisateur de Microsoft en cliquant sur le bouton J'accepte
Vous devez confirmer la restauration du fichier en appuyant sur la touche o et Entrée

Une fois le remplacement effectué, il vous est demandé de redémarrer l'ordinateur, appuyez sur la touche o puis Entrée pour redémarrer l'ordinateur.
Au redémarrage, un rapport s'ouvre, ce dernier vérifie et vous indique si la restauration du fichier a réussi.

pcscope · le 30 Aoû 2010 21:45

...J'ai un soucis avec OTLPE :après le RUNFIX, impossible de fermer le programme.

La fenêtre se fige et je ne peux plus rien tirer de lui...même pas possible de copier le rapport de la fenêtre du bas...)

Comment je fais pour la suite?

Si j'essaie d'éteindre le PC via les commandes (shut down), tout s'immobilise et rien ne se passe.

......1 heure plus tard...

En fait, j'ai éteint le PC à la sauvage vu que tout s'était figé et j'ai essayé de poursuivre mais quand j'ai rallumé le PC en mode normal, le bureau n'a pas réapparu et je n'ai même pas pu rétablir ma connection.(le bouton wifi ne réagit plus)...

Pour l'instant, c'est: retour à la case départ. :-?

T'as une idée d'où ça peut venir ?

Je dois reprendre à un endroit précis ?

Ce qui est sûr, c'est que la citation du RUNFIX fait bugger OTLPE et qu'après, le programme ne répond plus.
J'ai essayé à 3 reprises.

Je sais que tu as passé pas mal de temps sur le sujet, (fais bien sûr en fonction du possible) mais ce serait très sympa de ne pas me lâcher maintenant... :cry:

Je veux dire par là que j'apprécierais vraiment que tu ne partes pas en vacances

cette semaine !... :wink:

jeanmimigab · le 31 Aoû 2010 17:22

bouuuu, on a la poisse :lol:

on va y aller à la mano alors

redémarre au moyen du LiveCD

affiche les fichier cachés comme cela...
ouvre le poste de travail (Icône My computer sous OTLPE),puis clic sur outil/options des dossiers/choisie l'onglet"affichage"
puis coche Afficher les Fichiers et dossiers cachés
Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
Décoche Masquer les extensions dont le type est connu
cliques sur Appliquer et Ok pour valider les changements

Tout cela risque d'être en Anglais, si c'est le cas

Outils=Tools
options des dossiers= Folder Options
affichage= View
Afficher les Fichiers et dossiers cachés= Show hidden files and folders.

ensuite supprimes (si tu les trouve !) ces fichiers en gras
C:\Documents and Settings\Famille\Local Settings\temp\mcoaernwsx.tmp
C:\Documents and Settings\Famille\Local Settings\temp\nmecsroxwa.tmp
C:\Documents and Settings\Famille\Local Settings\temp\wramxseonc.tmp
C:\Documents and Settings\Famille\Application Data\FC060DD4AD4DF8393EF80351F39E6F79
C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\BTGuard Updates.lnk
C:\BTGUARD
C:\WINDOWS\System32\gthrctr.ini
C:\WINDOWS\System32\idxcntrs.ini
C:\WINDOWS\System32\gsrvctr.ini

ensuite copie ce fichier
C:\WINDOWS\ERDNT\cache\explorer.exe

et colle le dans c:\windows\ (si tu as un avertissement accepte le remplacement)

ensuite fais un scan avec OTLPE et poste le rapport, puis dit moi si le pc va mieux :wink:

[Réglé] ++++ LA POSSESSION : LE RETOUR !!! ++++ • page 2

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Re: ++++ LA POSSESSION : LE RETOUR !!! ++++

Sujets similaires

Qui est en ligne