Windows XP Recovery

Jeels · le 03 Juin 2011 14:36

Bonjour à tous et à toutes,

Hier matin alors que j'utilisé tranquillement mon PC comme à mon habitude, un message d'erreur apparait sous l'intitulé : "Defaillance du disque dur". Il me dit : "Défaillance du disque dur, le système a détecté un problème avec un ou plusieurs disques dur IDE/SATA installés. Nous vous recommandons de redémarrer votre système." Je m'éxecute, et là, pour moi qui n'est vraiment pas callé en informatique, c'est le grand stress : Ecran noir, plus aucun programme ni dossier, et le logiciel "Windows XP Recovery" s'ouvre pour regler mon probleme.
Avant toute chose je fais des recherches sur ce programme, et je découvre que c'est un faux programme destiné à nous voler de l'argent. J'ai aussi eu pour de perdre tout mes dossiers mais j'ai vu que ce problème était éradicable et que l'on pouvait récupérer les dossiers.
Je fonctionne sous Windows XP, et je possède l'antivirus NORTON, qui est périmé (On est arrivé à la date limite et mon père refuse de le renouveler ou d'en prendre un autre.)

Je remet donc la vie de mon PC entre vos mains de chirurgiens informatiques, en espérant qu'il se réveille après l'opération.

Je vous remercie d'avance pour votre aide,

Jeels l'affolé.

jeanmimigab · le 03 Juin 2011 15:32

hello,

mon père refuse de le renouveler ou d'en prendre un autre

Faut dire à papa qu'il existe beaucoup d'antivirus Gratuit, on s'occupera de cela après la désinfection...

Avant tout dit moi le modèle de PC que tu as et sous quel système tu es (XP/Vista/seven ) et si tu as en cas de soucis les dvd de restauration ou DVD de windows :wink:

Dit moi aussi si tu as un autre PC sous la mais pour graver un CD/DVD :wink:

Jeels · le 03 Juin 2011 15:52

Je ne saurais te dire le modèle de mon PC, c'est un PC dont la tour à été fabriqué piece par piece, à ce que l'on m'as dit. Je suis sous XP et j'ai conservé tout les CD, DVD fourni depuis que j'ai le PC. J'ai aussi un ordinateur sous la main pour graver.

Merci de m'aider aussi vite, sa me fait énormement plaisir !

jeanmimigab · le 03 Juin 2011 17:19

OK, c'est cool ont va pouvoir bosser sereinement :wink:

sur le pc qui fonctionne affiche les dossiers/fichiers cachés comme cela pour que l'on puisse bosser...

enfonce les touches "Windows+R" pour ouvrir une fenêtre "exécuter" et tape à l'intérieure explorer.exe puis clique sur OK

dans la fenêtre d'explorateur qui s'ouvre, clique sur outil/options des dossiers/choisie l'onglet"affichage"

puis coche Afficher les Fichiers et dossiers cachés
Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
Décoche Masquer les extensions dont le type est connu

clic sur Appliquer et Ok pour valider les changements

ensuite créer un document texte (clic-droit et choisis "nouveau" > "document.texte" ) à la racine du disque C:\ , ouvre-le et copie ce qui suit à l'intérieure

%temp%\smtmp\1\*. /s
%temp%\smtmp\2\*. /s
%temp%\smtmp\4\*. /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
SAVEMBR:0

Ferme le document texte sans oublier de l'enregistrer...et ré-ouvre-le pour être sur que le texte est bien à l'intérieure.
Tu as donc maintenant un fichier c:\nouveau document texte.txt qui est créer

Ensuite, sur l'autre PC qui est dispo...

fais cela stp...

Insère un CD (ou un DVD) vierge dans ton graveur...si une fenêtre s'ouvre te demandant ce que tu veux faire, ferme cette fenêtre.

Télécharge OTLPENet.iso sur ton bureau.
Insère un CD vierge dans ton graveur, si une fenêtre s'ouvre te demandant ce que tu veux faire, ferme cette fenêtre.
Fais un double-clic sur l'icône d'OTLPENet.iso et suis les instructions pour graver le CD/DVD automatiquement

Éjecte le DVD, met le dans le lecteur du pc infecté et redémarre le pc infecté.
Note : Le dvd gravé, vous devez maintenant redémarrer votre machine sur le lecteur CDROM

Si ton pc ne boot pas automatiquement sur le CD, je t'invite sur ce lien : http://forum.malekal.com/booter-sur-dvd-t9447.html
= Le setup se charge en RAM

= Une fois le CD lancé Windows se charge (comptez 15 à 20 minutes) vous arrivez sur le bureau REATOGO-X-PE

= Double cliquer sur OTLPE

= Une fenêtre s'ouvre : Do you wish to load the remote registry ; Cliquez sur YES

= Une seconde : Do you wish to load remote user profile(s) for scanning ;choisis ta session et Clique sur YES

= Veillez à ce que la case "Automatically Load All Remaining Users" soit cochée et cliquez sur "OK"

=OTL se lance tu arrives sur cette fenêtre

Ensuite tu clique sur l'Icône "My computer" (en haut à gauche du bureau) et tu vas chercher et ouvrir le fichier "c:\nouveau document.txt", tu clic-droit à l'intérieur et choisis "select all" (sélectionner tout) >> puis "copy" (copier) et tu colle le texte sous" Custom Scan box" d'OTL (pour coller tu clic-droit et choisis "paste" (coller)

cliques Run Scan pour démarrer le scan ( il peut être assez long de 15 à 20 minute, laisse-le bosser tranquillement sans te servir du pc.
une fois terminé , ferme le rapport qui s'ouvre.

redémarre ton pc en mode normal et poste le contenu du rapport OTL.txt stp...

le fichier se trouve là C:\OTL.txt

Jeels · le 03 Juin 2011 17:22

Quand tu dit sur le PC qui fonctionne, c'est à dire ?
Car en ce moment, pour poster les reponses je suis sur le PC infecté.

jeanmimigab · le 03 Juin 2011 17:31

hello,

le pc qui fonctionne pour moi est le deuxième que tu as de dispo :wink:

Tu dois de préférence créer le CD/DVD d'OTLPE avec un PC clean (si possible) :wink:

Jeels · le 03 Juin 2011 17:33

Et quand tu dit a la racine du C:/(Je crois avoir compris, je vais dans le poste de travail, j'ouvre le lecteur C:/ et j'effectue directement l'action.) , c'est à dire, oui je suis une vrai quiche en informatique ^^
JE viens aussi de m'aparcevoir que je n'ai plus de CD ou DVD vierge.

Merci beaucoup de ta patience ^^

jeanmimigab · le 03 Juin 2011 17:50

Et quand tu dit a la racine du C:/(Je crois avoir compris, je vais dans le poste de travail, j'ouvre le lecteur C:/ et j'effectue directement l'action.) , c'est à dire,

c'est cela, mais si tu n'as pas de CD/dvd vierges, on va faire autrement...oublie la procédure que je t'ai donnée (sauf l'affichage des dossiers cachés qui est nécessaire)

oui je suis une vrai quiche en informatique ^^

mais non, c'est pas évident tout cela, ai confiance en toi et je vais te guider pas à pas :wink:

vu que tu n'as pas de CD/DVD on vas bosser directement sur le pc infecté... :wink:

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

%temp%\smtmp\1\*. /s
%temp%\smtmp\2\*. /s
%temp%\smtmp\4\*. /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup http://www.google.fr /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL

Jeels · le 03 Juin 2011 18:28

Voila, c'est fait.

Alors le rapport OTL.Txt :

Code: Tout sélectionner: OTL logfile created on: 03/06/2011 19:07:49 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Propriétaire\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1023,11 Mb Total Physical Memory | 492,60 Mb Available Physical Memory | 48,15% Memory free 2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,72% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 255,68 Gb Free Space | 85,78% Space Free | Partition Type: NTFS Computer Name: TRISTAN | User Name: Propriétaire | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Documents and Settings\Propriétaire\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\All Users\Application Data\16965412.exe (Microsoft Corporation) PRC - C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\msfeedssync.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Documents and Settings\Propriétaire\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (LiveUpdate Notice) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (Planificateur LiveUpdate automatique) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (comHost) -- C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20090914.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20090914.003\NAVENG.SYS (Symantec Corporation) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (SYMIDSCO) -- C:\Program Files\Fichiers communs\Symantec Shared\SymcData\ipsdefs\20090910.001\SymIDSCo.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation) DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=38793cd700000000000000195b67a4af&tlver=1.4.19.19&ss=1&affID=18026 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.prizee.fr/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 7A F6 5C 93 5F CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [2011/05/21 10:17:27 | 000,002,428 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Fichiers communs\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [fsm] File not found O4 - HKCU..\Run: [Irivurayapevaf] C:\WINDOWS\msnmlrb.dll (Greatis Software) O4 - HKCU..\Run: [IwTQJSaLxi] C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe (Microsoft Corporation) O4 - HKCU..\Run: [ommqocq] File not found O4 - HKCU..\RunOnce: [Shockwave Updater] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190112967875 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Propriétaire\Mes documents\Mes images\Handball - 14.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Propriétaire\Mes documents\Mes images\Handball - 14.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/09/18 11:49:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* Unable to save MBR. Invalid drive designation: 0 NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3F7924B9-D148-3141-87B1-68F36043A940} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471) ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/06/03 19:01:54 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe [2011/06/03 18:07:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Propriétaire\Recent [2011/06/03 14:28:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Windows XP Recovery [2011/06/03 14:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage [2011/06/02 09:59:38 | 000,344,576 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\16965412.exe [2011/06/02 09:54:20 | 000,434,176 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe [2011/06/01 13:58:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Bureau\Microsoft IntelliPoint [2011/06/01 13:49:11 | 006,768,000 | -H-- | C] (Microsoft Corporation) -- C:\Documents and Settings\Propriétaire\Bureau\IP32Fra.exe [2011/05/31 22:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Labtec [2011/05/29 20:31:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Propriétaire\Bureau\Musique spectacle [2011/05/29 18:42:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Propriétaire\Application Data\go [2011/05/29 18:42:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Easybits GO [2011/05/21 10:28:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Propriétaire\Application Data\BabylonToolbar [2011/05/21 10:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2011/05/21 10:17:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\VOWSoft [2011/05/21 10:17:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ABC 3GP Converter [2011/05/21 10:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2011/05/21 10:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\ABC 3GP Converter [2011/05/20 22:15:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Propriétaire\Application Data\AVS4YOU [2011/05/20 22:14:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\AVS4YOU [2011/05/20 22:13:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AVS4YOU [2011/05/20 22:12:57 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxsw32.dll [2011/05/20 22:12:56 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxhw32.dll [2011/05/20 22:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\AVSMedia [2011/05/20 22:10:16 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll [2011/05/20 22:10:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU [2011/05/20 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2011/05/06 17:28:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Pivot Stickfigure Animator [2011/05/06 17:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Pivot Stickfigure Animator [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\Documents and Settings\Propriétaire\Mes documents\*.tmp files -> C:\Documents and Settings\Propriétaire\Mes documents\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/06/03 19:07:59 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F6E2FFCE-F49F-42E4-854A-721D965AE6D1}.job [2011/06/03 19:07:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ACA16C00-9E62-47A7-ADEE-978502DCB88A}.job [2011/06/03 19:05:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Propriétaire\Bureau\OTL.exe [2011/06/03 18:34:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/06/03 17:48:41 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011/06/03 17:48:29 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/06/03 17:48:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/06/03 17:18:14 | 000,000,073 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\default.pls [2011/06/03 17:18:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/06/03 14:31:58 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16965412r [2011/06/03 14:31:58 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16965412 [2011/06/03 14:04:18 | 000,000,384 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16965412 [2011/06/02 10:26:04 | 000,000,799 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Windows XP Recovery.lnk [2011/06/02 10:25:27 | 000,344,576 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\16965412.exe [2011/06/02 09:57:20 | 000,000,008 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_1 [2011/06/02 09:54:07 | 000,434,176 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe [2011/06/02 09:15:38 | 000,000,205 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\D2Info0 [2011/06/01 19:28:29 | 000,000,008 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_3 [2011/06/01 18:09:34 | 000,000,572 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Propriétaire.job [2011/06/01 13:58:08 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job [2011/06/01 13:49:21 | 006,768,000 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Propriétaire\Bureau\IP32Fra.exe [2011/05/31 22:04:44 | 000,000,008 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_2 [2011/05/31 20:27:28 | 000,002,551 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Microsoft Word.lnk [2011/05/31 18:26:48 | 000,002,279 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\PackBarre.lnk [2011/05/31 17:42:05 | 000,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/29 18:42:47 | 000,001,823 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Jouer (EasyBits GO).lnk [2011/05/28 22:05:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2011/05/28 22:05:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2011/05/27 21:44:38 | 000,040,448 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/27 20:59:49 | 000,000,614 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Analyse système complète - Propriétaire.job [2011/05/24 17:19:28 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Effectuer une analyse complète du système - Propriétaire.job [2011/05/22 20:50:51 | 023,762,448 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\FLY (REMI GAILLARD) - Thessaloniki [www.keepvid.com].mp4 [2011/05/20 22:04:13 | 021,792,977 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Aller L'OM.mp4 [2011/05/06 20:15:01 | 000,003,778 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Mes documents\11.piv [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\Documents and Settings\Propriétaire\Mes documents\*.tmp files -> C:\Documents and Settings\Propriétaire\Mes documents\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/06/02 10:29:24 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16965412r [2011/06/02 10:29:24 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16965412 [2011/06/02 10:26:04 | 000,000,799 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Windows XP Recovery.lnk [2011/06/02 09:59:42 | 000,000,384 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16965412 [2011/06/01 13:50:21 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job [2011/05/29 18:42:47 | 000,001,829 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Jouer (EasyBits GO).lnk [2011/05/29 18:42:47 | 000,001,823 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Jouer (EasyBits GO).lnk [2011/05/28 22:05:22 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2011/05/28 22:05:22 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2011/05/22 20:50:48 | 023,762,448 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\FLY (REMI GAILLARD) - Thessaloniki [www.keepvid.com].mp4 [2011/05/20 22:04:11 | 021,792,977 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Bureau\Aller L'OM.mp4 [2011/05/06 20:15:01 | 000,003,778 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Mes documents\11.piv [2011/04/29 19:04:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/03/03 16:31:53 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_5 [2010/07/01 17:56:20 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_4 [2010/04/21 13:38:48 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_3 [2010/04/20 21:50:24 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_1 [2010/04/20 17:52:22 | 000,000,205 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\D2Info0 [2010/04/20 17:52:22 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Application Data\DofusAppId0_2 [2010/04/04 21:58:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2009/12/13 19:55:50 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\zerozero;troisdeuxun.ini [2009/12/13 19:44:54 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\va te cacher pd;conar tu croyais m'avoir.ini [2009/08/31 22:05:05 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/08/31 22:05:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/05/09 11:33:50 | 000,352,441 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq_nav.dat [2009/05/09 11:33:50 | 000,002,986 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq.dat [2009/05/09 11:33:50 | 000,001,672 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq_navps.dat [2008/05/28 11:43:22 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI [2008/05/24 17:56:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/04/12 18:04:30 | 000,000,108 | ---- | C] () -- C:\WINDOWS\GMouse.ini [2008/01/29 21:29:22 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI [2007/11/03 20:26:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2007/09/23 10:08:07 | 000,040,448 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/09/22 14:09:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007/09/20 11:58:51 | 000,110,945 | ---- | C] () -- C:\WINDOWS\hpoins08.dat [2007/09/20 11:58:51 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat [2007/09/20 11:57:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2007/09/18 16:41:56 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/09/18 16:41:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2007/09/18 14:45:03 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Propriétaire\Local Settings\Application Data\fusioncache.dat [2007/09/18 13:34:20 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/09/18 13:31:22 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/09/18 12:27:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2007/09/18 11:55:13 | 000,016,319 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007/09/18 11:55:08 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007/09/18 11:54:57 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007/09/18 11:51:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007/09/18 11:46:44 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007/06/29 00:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/06/29 00:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2007/06/29 00:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/06/29 00:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2007/06/29 00:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/06/29 00:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin [2007/06/29 00:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/06/29 00:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2007/06/29 00:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2007/06/29 00:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/05 14:00:00 | 000,510,752 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2004/08/05 14:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/05 14:00:00 | 000,084,954 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2004/08/05 14:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/05 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/07/06 16:30:00 | 000,003,279 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [color=#E56717]========== LOP Check ==========[/color] [2011/06/02 09:52:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO [2009/08/31 22:05:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GeoVid [2011/01/18 21:09:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO [2008/07/01 10:48:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\phenomedia [2009/09/10 17:44:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011/05/21 10:17:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft [2008/05/24 17:56:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\.wyzo [2008/04/13 22:23:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ALLCapture [2010/04/20 17:52:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\app [2011/05/21 10:28:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\BabylonToolbar [2009/08/14 09:38:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\BitCometLite [2011/05/26 15:39:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus 2 [2010/04/20 17:52:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/04/21 13:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/07/01 17:56:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/03/03 16:31:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-5.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/04/20 21:50:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2009/10/30 12:47:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\DofusOnline.D3C9F6CBD45122AC696063EA7CD9E35E7469708A.1 [2009/08/31 22:06:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\GeoVid [2011/06/02 09:12:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\go [2010/06/23 13:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Image Zone Express [2011/01/18 21:10:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ImTOO [2008/04/09 17:49:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Leadertech [2011/01/22 12:41:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire [2010/07/02 09:39:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Megaupload [2010/06/27 21:28:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\MusE [2010/04/20 17:52:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2009/09/25 13:40:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Synthesia [2009/09/10 17:47:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Technology Lighthouse [2011/06/03 19:07:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACA16C00-9E62-47A7-ADEE-978502DCB88A}.job [2011/06/03 19:07:59 | 000,000,446 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F6E2FFCE-F49F-42E4-854A-721D965AE6D1}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %temp%\1\*. /s >[/color] [color=#A23BEC]< %temp%\2\*. /s >[/color] [color=#A23BEC]< %temp%\4\*. /s >[/color] [color=#A23BEC]< %temp%\1\*.* /s >[/color] [color=#A23BEC]< %temp%\2\*.* /s >[/color] [color=#A23BEC]< %temp%\4\*.* /s >[/color] [color=#A23BEC]< nslookup http://www.google.fr /c >[/color] No captured output from command... [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color] [2009/10/30 11:46:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008/09/01 16:17:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2011/05/20 22:15:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU [2011/06/02 09:52:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO [2009/08/31 22:05:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GeoVid [2009/01/20 19:27:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2011/06/03 10:20:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater [2007/09/20 12:06:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2011/01/18 21:09:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO [2010/06/22 12:25:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010/10/27 13:07:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Norton [2010/05/12 18:01:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2008/07/01 10:48:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\phenomedia [2008/01/30 16:31:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2011/04/29 19:01:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2011/05/31 17:54:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras [2011/05/31 21:53:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2009/09/10 17:44:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011/05/21 10:17:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\VOWSoft [2007/09/18 12:59:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2008/05/15 13:56:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [2011/06/02 10:25:27 | 000,344,576 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\16965412.exe [2011/06/02 09:54:07 | 000,434,176 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe [2011/05/29 18:42:45 | 000,423,296 | -H-- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\EasyBitsGO.exe [2011/05/29 18:42:45 | 000,014,208 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Easybits GO\ezShell64Run.exe [2011/05/29 18:42:45 | 000,718,208 | -H-- | M] (EasyBits Media) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\Svc\GOUpdate.exe [2011/05/21 10:15:26 | 000,526,512 | -H-- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe [2010/09/23 14:24:54 | 001,820,016 | -H-- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [2009/09/09 14:10:04 | 000,223,600 | -H-- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Symantec\NortonProtectionMemo.exe [color=#A23BEC]< %APPDATA%\*. >[/color] [2008/05/24 17:56:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\.wyzo [2011/06/03 14:28:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Adobe [2007/09/23 11:07:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Ahead [2008/04/13 22:23:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ALLCapture [2010/04/20 17:52:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\app [2008/09/01 18:16:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer [2011/05/20 22:18:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\AVS4YOU [2011/05/21 10:28:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\BabylonToolbar [2009/08/14 09:38:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\BitCometLite [2011/05/26 15:39:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus 2 [2010/04/20 17:52:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/04/21 13:38:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/07/01 17:56:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2011/03/03 16:31:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus-5.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/04/20 21:50:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2009/10/30 12:47:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\DofusOnline.D3C9F6CBD45122AC696063EA7CD9E35E7469708A.1 [2009/08/31 22:06:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\GeoVid [2011/06/02 09:12:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\go [2007/09/22 13:30:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Google [2007/09/20 12:06:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\HP [2007/09/18 11:53:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Identities [2010/06/23 13:56:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Image Zone Express [2011/01/18 21:10:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\ImTOO [2008/04/09 17:49:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Leadertech [2011/01/22 12:41:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire [2007/09/22 13:41:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Macromedia [2010/07/02 09:39:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Megaupload [2010/08/08 11:21:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft [2010/06/27 21:28:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\MusE [2010/04/20 17:52:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2010/09/29 16:49:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Sibelius Software [2011/06/03 17:49:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Skype [2011/05/29 18:30:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\skypePM [2008/06/02 13:24:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Sun [2008/08/11 11:10:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Symantec [2009/09/25 13:40:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Synthesia [2009/09/10 17:47:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\Technology Lighthouse [2008/05/24 13:54:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Propriétaire\Application Data\WinRAR [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2011/06/02 09:54:05 | 000,434,176 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Propriétaire\Application Data\Adobe\plugs\KB2660734.exe [2009/05/06 20:13:24 | 000,163,840 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\crashreporter.exe [2009/05/06 20:13:25 | 000,196,608 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\updater.exe [2009/05/06 20:13:25 | 000,014,848 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xpcshell.exe [2009/05/06 20:13:25 | 000,077,824 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe [2009/05/06 20:13:25 | 000,266,240 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xpidl.exe [2009/05/06 20:13:25 | 000,018,432 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe [2009/05/06 20:13:25 | 000,014,336 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xpt_link.exe [2009/05/06 20:13:26 | 000,073,728 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe [2009/05/06 20:13:26 | 000,102,400 | -H-- | M] (Mozilla Foundation) -- C:\Documents and Settings\Propriétaire\Application Data\LimeWire\browser\xulrunner\xulrunner.exe [2011/04/01 19:56:06 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2008/01/17 18:15:02 | 001,523,040 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Propriétaire\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2008/09/13 15:53:43 | 000,003,638 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_21CAE368B031DCFA40D4B2.exe [2008/09/13 15:53:43 | 000,003,638 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_6FEFF9B68218417F98F549.exe [2008/09/13 15:53:43 | 000,001,406 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_887C53F1F4D0BDE7D1E9DC.exe [2008/09/13 15:53:43 | 000,003,638 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_EA9BE1A01657D66F7A6C1E.exe [2008/09/13 15:53:44 | 000,003,638 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{2D57FB4E-6277-4A6D-8739-304C38051B89}\_F9F7B7F8673C5870BD2E5D.exe [2011/04/02 17:33:00 | 000,233,472 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{91A09421-8C4E-4B4F-99A5-E88C2AB5C5FC}\DesktopIcon.exe [2011/04/02 17:33:00 | 000,233,472 | RH-- | M] () -- C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Installer\{91A09421-8C4E-4B4F-99A5-E88C2AB5C5FC}\StartMenuIcon.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004/08/05 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: CHANGER.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [color=#A23BEC]< MD5 for: CTFMON.EXE >[/color] [2004/08/05 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe [2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe [2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004/08/05 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008/04/13 20:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004/08/05 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004/08/05 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2004/08/05 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2004/08/05 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys [color=#A23BEC]< MD5 for: RDPCLIP.EXE >[/color] [2004/08/05 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=54554AC5C79D6E4319998BB339D184E5 -- C:\WINDOWS\$NtServicePackUninstall$\rdpclip.exe [2008/04/14 04:34:18 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\ServicePackFiles\i386\rdpclip.exe [2008/04/14 04:34:18 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=B46EF6930DDE7393FB4BD0150BCC786C -- C:\WINDOWS\system32\rdpclip.exe [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2005/06/10 06:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005/06/10 06:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys [2004/08/05 14:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll [2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004/08/05 14:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys [color=#A23BEC]< MD5 for: SPLITTER.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys [2006/06/14 10:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008/04/13 20:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys [color=#A23BEC]< MD5 for: SWMIDI.SYS >[/color] [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008/04/13 20:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2006/04/20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys [2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2007/10/30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [2007/10/30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2004/08/05 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006/04/20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2004/08/05 14:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008/04/14 04:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004/08/05 14:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008/04/13 20:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys [2005/10/28 03:23:43 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\chs\drivers\win9x_me\usbprint.sys [2005/10/28 03:23:48 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\cht\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:16 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\csy\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:20 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\dan\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:25 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\deu\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:57 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\enu\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:02 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\esm\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:07 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\fin\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:12 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\fra\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:16 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\grk\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:21 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\hun\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:26 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\ita\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:36 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\jpn\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:41 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\kor\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:51 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\nld\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:56 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\non\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:00 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\plk\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:05 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\ptb\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:10 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\rus\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:15 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\slk\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:20 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\svc\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:24 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\tha\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:29 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\tur\drivers\win9x_me\usbprint.sys [2005/10/28 03:23:25 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease\usbprint.sys [2005/10/28 03:23:43 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\chs\drivers\win9x_me\usbprint.sys [2005/10/28 03:23:48 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\cht\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:16 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\csy\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:20 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\dan\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:25 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\deu\drivers\win9x_me\usbprint.sys [2005/10/28 03:24:57 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\enu\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:02 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\esm\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:07 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\fin\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:12 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\fra\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:16 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\grk\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:21 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\hun\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:26 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\ita\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:36 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\jpn\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:41 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\kor\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:51 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\nld\drivers\win9x_me\usbprint.sys [2005/10/28 03:25:56 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\non\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:00 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\plk\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:05 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\ptb\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:10 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\rus\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:15 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\slk\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:20 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\svc\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:24 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\tha\drivers\win9x_me\usbprint.sys [2005/10/28 03:26:29 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\tur\drivers\win9x_me\usbprint.sys [2005/10/28 03:23:25 | 000,022,608 | RH-- | M] (Microsoft Corporation) MD5=BDCF7F43ABD107E8F7D31D78C1B096A8 -- C:\Documents and Settings\Propriétaire\Local Settings\Temp\hp_webrelease_\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2008/09/08 11:55:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2004/08/05 14:00:00 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=313B1A0D5DB26DFE1C34A6C13B2CE0A7 -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys [2008/04/14 03:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation) MD5=46DE1126684369BACE4849E4FC8C43CA -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys [2008/04/14 03:56:04 | 000,053,376 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drivers\volsnap.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< MD5 for: WSCNTFY.EXE >[/color] [2008/04/14 04:34:29 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe [2008/04/14 04:34:29 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=02DA31AB433A6C1110A736C85701DECA -- C:\WINDOWS\system32\wscntfy.exe [2004/08/05 14:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=54CDDAD404557ED98433D6ECBFC92691 -- C:\WINDOWS\$NtServicePackUninstall$\wscntfy.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0766416E @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E2028C8 < End of report >

Et le rapport Extras.Txt :

Code: Tout sélectionner: OTL Extras logfile created on: 03/06/2011 19:07:49 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Propriétaire\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1023,11 Mb Total Physical Memory | 492,60 Mb Available Physical Memory | 48,15% Memory free 2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,72% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 255,68 Gb Free Space | 85,78% Space Free | Partition Type: NTFS Computer Name: TRISTAN | User Name: Propriétaire | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300 "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp "{0FDFF015-E1DF-4439-9C5B-CE8E04A9E941}" = SymNet "{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status "{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{2D57FB4E-6277-4A6D-8739-304C38051B89}" = Jitbit Macro Recorder "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "{38E0C491-5230-4373-B62E-F1A6E94B1036}" = Nero 7 Premium "{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0 "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager "{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager "{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only) "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = PageRage 1.10.01 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{91A09421-8C4E-4B4F-99A5-E88C2AB5C5FC}" = PackBarre "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar "{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABC 3GP/MP4 Converter" = ABC 3GP/MP4 Converter 3.00 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2 "Arena 2.70.9" = Arena 2.70.9 "Audacity_is1" = Audacity 1.2.6 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7 "BabylonToolbar" = Babylon toolbar "eMule" = eMule "GeoGebra" = GeoGebra "GoldBarre" = GoldBarre "Google Chrome" = Google Chrome "Google Updater" = Outil de mise à jour Google "HP Imaging Device Functions" = HP Imaging Device Functions 6.1 "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1 "HPExtendedCapabilities" = HP Extended Capabilities 6.1 "HyperCam 2" = HyperCam 2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6 "InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "LimeWire" = LimeWire 5.1.2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MuseScore" = MuseScore 0.9.6 MuseScore score typesetter "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "ommqocq" = Favorit "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "Speed Gear_is1" = Speed Gear v6.0 "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation) "Synthesia" = Synthesia (remove only) "TagScanner_is1" = TagScanner 5.1 build 551 "VideoAvatar_is1" = VideoAvatar "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Installation Windows Live "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "7000d0b67f2f1c34" = PackBarre "bf49a51268b6150a" = PackBarre "Game Organizer" = EasyBits GO "World of Warcraft Trial" = Essai de World of Warcraft [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 01/06/2011 07:25:26 | Computer Name = TRISTAN | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 02/06/2011 09:49:33 | Computer Name = TRISTAN | Source = Application Error | ID = 1000 Description = Application défaillante services.exe, version 5.1.2600.5755, module défaillant ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x00001de6. Error - 03/06/2011 04:28:03 | Computer Name = TRISTAN | Source = ESENT | ID = 488 Description = wlcomm (1484) Une tentative de création du fichier "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\{2abb5edc-1518-40af-8dba-53247b0a6465}\DBStore\contacts.pat" a échoué en indiquant l'erreur système 5 (0x00000005) : "Accès refusé. ". L'opération de création de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8). Error - 03/06/2011 04:28:11 | Computer Name = TRISTAN | Source = ESENT | ID = 217 Description = wlcomm (1484) Erreur (-1032) lors de la sauvegarde d'une base de données (fichier C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\{2abb5edc-1518-40af-8dba-53247b0a6465}\DBStore\contacts.edb). Impossible de restaurer cette base de données. Error - 03/06/2011 04:28:11 | Computer Name = TRISTAN | Source = ESENT | ID = 215 Description = wlcomm (1484) C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\{2abb5edc-1518-40af-8dba-53247b0a6465}\: La sauvegarde a été interrompue en raison de son abandon par le client ou de l'échec de la connexion avec le client. Error - 03/06/2011 04:28:36 | Computer Name = TRISTAN | Source = ESENT | ID = 488 Description = wlcomm (1484) Une tentative de création du fichier "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\{4ffb4bbe-8fcf-4ee5-bef4-1e3a3ab321c9}\DBStore\contacts.pat" a échoué en indiquant l'erreur système 5 (0x00000005) : "Accès refusé. ". L'opération de création de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8). Error - 03/06/2011 04:28:36 | Computer Name = TRISTAN | Source = ESENT | ID = 217 Description = wlcomm (1484) Erreur (-1032) lors de la sauvegarde d'une base de données (fichier C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\{4ffb4bbe-8fcf-4ee5-bef4-1e3a3ab321c9}\DBStore\contacts.edb). Impossible de restaurer cette base de données. Error - 03/06/2011 04:28:36 | Computer Name = TRISTAN | Source = ESENT | ID = 215 Description = wlcomm (1484) C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows Live Contacts\{4ffb4bbe-8fcf-4ee5-bef4-1e3a3ab321c9}\: La sauvegarde a été interrompue en raison de son abandon par le client ou de l'échec de la connexion avec le client. Error - 03/06/2011 09:12:01 | Computer Name = TRISTAN | Source = Application Error | ID = 1000 Description = Application défaillante iexplore.exe, version 8.0.6001.18702, module défaillant mshtml.dll, version 8.0.6001.19046, adresse de défaillance 0x0009b1d6. Error - 03/06/2011 11:52:02 | Computer Name = TRISTAN | Source = Application Hang | ID = 1002 Description = Application bloquée msnmsgr.exe, version 14.0.8117.416, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ System Events ] Error - 03/06/2011 10:27:34 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7000 Description = Le service NTPort Library Driver n'a pas pu démarrer en raison de l'erreur : %%2 Error - 03/06/2011 11:04:48 | Computer Name = TRISTAN | Source = sr | ID = 1 Description = Le filtre de restauration du système à rencontré l'erreur inattendue '0xC0000043' pendant le traitement du fichier 'SrtETmp' sur le volume 'HarddiskVolume1'. Ceci a entraîné l'arrêt de la surveillance du volume. Error - 03/06/2011 11:06:13 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Planificateur LiveUpdate automatique. Error - 03/06/2011 11:06:13 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7000 Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 03/06/2011 11:06:13 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7000 Description = Le service NTPort Library Driver n'a pas pu démarrer en raison de l'erreur : %%2 Error - 03/06/2011 11:48:31 | Computer Name = TRISTAN | Source = sr | ID = 1 Description = Le filtre de restauration du système à rencontré l'erreur inattendue '0xC0000043' pendant le traitement du fichier 'SrtETmp' sur le volume 'HarddiskVolume1'. Ceci a entraîné l'arrêt de la surveillance du volume. Error - 03/06/2011 11:49:48 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7009 Description = Délai (30000 millisecondes) d'attente pour une connexion du service Planificateur LiveUpdate automatique. Error - 03/06/2011 11:49:48 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7000 Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur : %%1053 Error - 03/06/2011 11:49:48 | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7000 Description = Le service NTPort Library Driver n'a pas pu démarrer en raison de l'erreur : %%2 Error - 03/06/2011 11:50:35 | Computer Name = TRISTAN | Source = DCOM | ID = 10010 Description = Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. < End of report >

En tout cas, merci beaucoup de l'aide que tu m'apporte !

jeanmimigab · le 03 Juin 2011 18:59

re,

bon, c'est plus impressionnant que vilain :wink:

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
PRC - C:\Documents and Settings\All Users\Application Data\16965412.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe (Microsoft Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=38793cd700000000000000195b67a4af&tlver=1.4.19.19&ss=1&affID=18026
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.prizee.fr/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6E 7A F6 5C 93 5F CA 01 [binary data]
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM\..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKCU\..\Run: [fsm] File not found
O4 - HKCU\..\Run: [Irivurayapevaf] C:\WINDOWS\msnmlrb.dll (Greatis Software)
O4 - HKCU\..\Run: [IwTQJSaLxi] C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe (Microsoft Corporation)
O4 - HKCU\..\Run: [ommqocq] File not found
O4 - HKCU\..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\Documents and Settings\Propriétaire\Mes documents\*.tmp files -> C:\Documents and Settings\Propriétaire\Mes documents\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/06/03 14:31:58 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16965412r
[2011/06/03 14:31:58 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16965412
[2011/06/03 14:04:18 | 000,000,384 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16965412
[2011/06/02 10:26:04 | 000,000,799 | -H-- | M] () -- C:\Documents and Settings\Propriétaire\Bureau\Windows XP Recovery.lnk
[2011/06/02 10:25:27 | 000,344,576 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\16965412.exe

:Files
C:\Program Files\BabylonToolbar
C:\Documents and Settings\Propriétaire\Application Data\BabylonToolbar
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Windows XP Recovery
C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe
C:\Documents and Settings\Propriétaire\Bureau\PackBarre.lnk
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq_nav.dat
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq.dat
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq_navps.dat

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ommqocq"=-

:Commands
[emptytemp]
[EMPTYFLASH]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir et redémarre le pc si OTL te le demande
* Copie et colle le rapports dans ta réponse stp...

ensuite...

Télécharge UnHide.exe (de grinler) sur ton bureau
exécute -le, une fenêtre noire va s'ouvrir, laisse le bosser et attend que petite fenêtre de confirmation que tout c'est bien passer apparaisse, et clique sur "OK"

ensuite..

télécharge Malwarebytes.
Téléchargement et tuto de Danakil à lire avant le scan.
Choisie "exécuter un examen rapide" et à la fin du scan , coche tous les éléments trouvés,et clique sur supprimer la sélection et autorise le redémarrage du pc si demandé.
Poste moi le rapport stp.

Donc il me faut....

Le rapport OTL
Le rapport Malwarebytes stp...

Jeels · le 03 Juin 2011 19:31

J'ai effectué la partie avec OTL, sa m'as fait redemarrer l'ordi, et la quand je rentre premiere surprise, j'ai récupéré mon bureau avec les incones en mode "transparent". La couleur du bureau est passé de noir à bleu et je n'ai toujours pas de programmes dans le menu démarrer. Voila, je suis venue poster les modifications que j'ai pu observer apres la correction de OTL, si cela pouvait t'aider.

Je donne le rapport OTL :

Code: Tout sélectionner: All processes killed ========== OTL ========== No active process named 16965412.exe was found! No active process named IwTQJSaLxi.exe was found! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully. C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found. C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe moved successfully. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found. C:\WINDOWS\msnmlrb.dll moved successfully. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found. C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe moved successfully. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\RunOnce not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully. C:\WINDOWS\003039_.tmp deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. C:\Documents and Settings\Propriétaire\Mes documents\~WRL0001.tmp deleted successfully. C:\Documents and Settings\Propriétaire\Mes documents\~WRL0004.tmp deleted successfully. C:\Documents and Settings\Propriétaire\Mes documents\~WRL0005.tmp deleted successfully. C:\Documents and Settings\Propriétaire\Mes documents\~WRL0221.tmp deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\System32\SET18A7.tmp deleted successfully. C:\Documents and Settings\All Users\Application Data\~16965412r moved successfully. C:\Documents and Settings\All Users\Application Data\~16965412 moved successfully. C:\Documents and Settings\All Users\Application Data\16965412 moved successfully. C:\Documents and Settings\Propriétaire\Bureau\Windows XP Recovery.lnk moved successfully. C:\Documents and Settings\All Users\Application Data\16965412.exe moved successfully. ========== FILES ========== C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh folder moved successfully. C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19 folder moved successfully. C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully. C:\Program Files\BabylonToolbar folder moved successfully. C:\Documents and Settings\Propriétaire\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully. C:\Documents and Settings\Propriétaire\Application Data\BabylonToolbar folder moved successfully. C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Windows XP Recovery folder moved successfully. File\Folder C:\Documents and Settings\All Users\Application Data\IwTQJSaLxi.exe not found. C:\Documents and Settings\Propriétaire\Bureau\PackBarre.lnk moved successfully. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq_nav.dat moved successfully. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq.dat moved successfully. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\ommqocq_navps.dat moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ommqocq not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 393352 bytes ->Flash cache emptied: 56466 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 14089417 bytes User: Maman ->Temp folder emptied: 45139058 bytes ->Temporary Internet Files folder emptied: 75320394 bytes ->Flash cache emptied: 6353 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Propritaire User: Propriétaire ->Temp folder emptied: 2873189839 bytes ->Temporary Internet Files folder emptied: 212921878 bytes ->Java cache emptied: 372532 bytes ->Google Chrome cache emptied: 25294272 bytes ->Flash cache emptied: 31740033 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 548430656 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104242169 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 1012 bytes Total Files Cleaned = 3 749,00 mb [EMPTYFLASH] User: Administrateur ->Flash cache emptied: 0 bytes

Je passe maintenant à Unhide ^^

Franchement merci beaucoup de ton aide, j'ai deja un PC qui m'inquiéte beaucoup moins quand je le regarde ^^

-----------------------------------------------------------------------------------------------------------------------------------------

J'ai maintenant effectué Unhide, et j'ai récupéré tout mon bureau en mode "normal" et j'ai récupéré mon menu demarrer.

Alors là je suis content ^^

Je te remercie, maintenant je passe à Malwarebytes

--------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes effectué, une dizaines de fichier "trojan", "rogue" et compagnie supprimé.
Je redemarre mon PC et donne le rapport.

Rapport Malwarebytes :

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Version de la base de données: 6765 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 03/06/2011 21:00:16 mbam-log-2011-06-03 (21-00-16).txt Type d'examen: Examen rapide Elément(s) analysé(s): 178891 Temps écoulé: 6 minute(s), 38 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A26F07F-0D60-4835-91CF-1E1766A0EC56} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\epk_extr (Trojan.Skintrim) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MessengerSkinner.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\documents and settings\propriétaire\application data\Adobe\plugs\kb2660734.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

jeanmimigab · le 03 Juin 2011 20:12

ok, c'est cool

Est ce que le fond d'écran que tu avais avant l'infection est revenu ou est-ce toujours un fond de couleur uni ?

Jeels · le 03 Juin 2011 20:16

C'est toujours un fond de couleur uni.
Et au redemarrage de mon ordinateur, j'ai eu un message d'erreur :

"RUNDLL"

Erreur de chargement de C:\WINDOWS\msnmlrb.dll

Le module spécifié est introuvable.

jeanmimigab · le 03 Juin 2011 20:22

ok,

Télécharge MyLook.exe (par jeanmimigab) sur ton bureau...
Lance-le et fais le choix N°2 (explorer une clef de registre) et valide par la touche "entrée"
Fais un copier/coller du texte en rouge dans la fenêtre de MyLook
HKEY_CURRENT_USER\Control Panel\Desktop
et valide par la touche "entrée"
Poste le rapport qui s'ouvre stp...

Jeels · le 03 Juin 2011 20:25

Le petit Bébé :

Code: Tout sélectionner: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Control Panel\Desktop] "ActiveWndTrkTimeout"=dword:00000000 "AutoEndTasks"="0" "CaretWidth"=dword:00000001 "CoolSwitch"="1" "CoolSwitchColumns"="7" "CoolSwitchRows"="3" "CursorBlinkRate"="530" "DragFullWindows"="1" "DragHeight"="4" "DragWidth"="4" "FontSmoothing"="2" "FontSmoothingOrientation"=dword:00000001 "FontSmoothingType"=dword:00000001 "ForegroundFlashCount"=dword:00000003 "ForegroundLockTimeout"=dword:00030d40 "GridGranularity"="0" "HungAppTimeout"="5000" "LowPowerActive"="0" "LowPowerTimeOut"="0" "MenuShowDelay"="400" "PaintDesktopVersion"=dword:00000000 "PowerOffActive"="0" "PowerOffTimeOut"="0" "ScreenSaverIsSecure"="0" "ScreenSaveTimeOut"="599940" "ScreenSaveActive"="1" "SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\logon.scr" "TileWallpaper"="0" "UserPreferencesMask"=hex:9e,3e,07,80 "WaitToKillAppTimeout"="20000" "Wallpaper"="" "WallpaperStyle"="2" "OriginalWallpaper"="C:\\Documents and Settings\\Propriétaire\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp" "WheelScrollLines"="3" "Pattern Upgrade"="TRUE" "ConvertedWallpaper"="C:\\Documents and Settings\\Propriétaire\\Mes documents\\Mes images\\0K4LSKCANBD9P2CA6B07IGCAWDTPDKCAIC4Z9ICA9EDRZQCAPRVQHUCA8XKEQLCA6GQM0OCAW2J9IECAM95VRPCAC77LO6CATXP718CAXA828GCAUBHDJ4CA2Y4617CAK341SFCAW4G29GCA26AAXR.jpg" "ConvertedWallpaper Last WriteTime"=hex:22,af,ee,97,4e,ab,ca,01 "Pattern"="" "WallpaperOld"="C:\\Documents and Settings\\Propriétaire\\Mes documents\\Mes images\\Handball - 14.bmp" "WallpaperStyleOld"="2" "TileWallpaperOld"="0" [HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] "BorderWidth"="-15" "CaptionFont"=hex:f3,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,00,\ 00,00,00,01,00,00,00,00,54,00,72,00,65,00,62,00,75,00,63,00,68,00,65,00,74,\ 00,20,00,4d,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "CaptionHeight"="-375" "CaptionWidth"="-270" "IconFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\ 00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "IconSpacing"="-1275" "IconTitleWrap"="1" "IconVerticalspacing"="-1125" "MenuFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,\ 00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "MenuHeight"="-285" "MenuWidth"="-270" "MessageFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\ 00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "ScrollHeight"="-255" "ScrollWidth"="-255" "Shell Icon BPP"="16" "SmCaptionFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,bc,02,00,\ 00,00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "SmCaptionHeight"="-255" "SmCaptionWidth"="-255" "StatusFont"=hex:f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,\ 00,00,00,01,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "AppliedDPI"=dword:00000060 "Shell Icon Size"="32" "MinAnimate"="1"

Windows XP Recovery

Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Re: Windows XP Recovery

Sujets similaires

Qui est en ligne