Infected PC, help!!!

mou_yem Posts 116 Status Member -
Hello,

For the past few days, I have found my PC abnormally slow: it takes 5 times longer than usual to start up (loading Windows XP), there are a few bugs, it sometimes shuts down by itself and then restarts, and finally, when I shut it down, the screen stays frozen on "Fermeture en cours...".

I use Avira (free version), which detected nothing.

So I ran a scan with Dr Web cureit which, at first, detected that the file "csrcs.exe" was infected (by something like Win32 Autohit 911X, sorry, I no longer remember the exact name).
The problem is that halfway through the scan it freezes and stops scanning the PC.

Same thing with the ESET online scan: it detects an infected file (by Win32.Packed.Autoit.Gen application) and then freezes at 17% of the scan (even though I left it running for several hours!!!).

I also installed the trial version of ESET (after disabling Avira): it is currently scanning and has detected nothing.

I don't know what to do any more, I am fed up, given that my PC is my main work tool.

Thanks in advance for your help.

For information, I use:
- Avira AntiVir
- Spybot
- PC Tool as firewall

30 replies

mou_yem Posts 116 Status Member 1

Hi,

here is the report:

ComboFix 10-01-02.05 - Mourad 01/03/2010 20:12:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.2589 [GMT 3:00]
Running from: c:\documents and settings\Mourad\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{525D3~1
c:\progra~1\COMMON~1\{525D3~1\slscp.log
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\autorun.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\readme.txt
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.exe
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.MSI
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\SLExtBU\ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\SLExtBU\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.cat
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.sys
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.cat
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.sys
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvipco.dll
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvipgx.dll
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\TLRecAgent.sys

.
((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-02 04:36 . 2010-01-02 04:36 -------- d--h--w- c:\windows\PIF
2010-01-02 03:58 . 2010-01-02 03:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-01-02 03:57 . 2010-01-02 04:22 -------- d-----w- C:\UsbFix
2010-01-02 03:48 . 2010-01-02 03:49 -------- d-----w- C:\rsit
2010-01-02 02:58 . 2010-01-02 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-01-01 18:18 . 2010-01-02 02:58 -------- d-----w- c:\program files\ESET
2010-01-01 11:51 . 2009-06-30 06:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-01 03:39 . 2010-01-01 03:41 -------- d-----w- c:\program files\OpenVPN
2009-12-31 18:22 . 2009-03-25 11:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-12-31 17:28 . 2004-08-03 19:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2009-12-31 17:28 . 2004-08-03 19:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-12-30 15:27 . 2009-12-30 15:27 6868368 ----a-w- c:\documents and settings\Mourad\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe
2009-12-23 22:52 . 2009-12-23 22:52 -------- d-----w- c:\program files\Common Files\Skype
2009-12-23 15:56 . 2009-12-23 15:57 -------- d-----w- c:\documents and settings\Mourad\Application Data\RealTunnelv2
2009-12-20 21:33 . 2009-12-20 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SolarWinds
2009-12-20 21:32 . 2009-12-20 21:32 -------- d-----w- c:\program files\SolarWinds
2009-12-20 20:16 . 2009-12-20 20:16 729088 ----a-w- c:\windows\iun6002.exe
2009-12-20 20:16 . 2009-12-20 21:47 -------- d-----w- c:\program files\TFTP Desktop
2009-12-20 08:33 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-12-20 08:33 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-12-20 08:31 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 15:00 . 2009-04-22 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-03 10:39 . 2009-08-18 03:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-03 04:12 . 2009-04-23 21:22 1 ----a-w- c:\documents and settings\Mourad\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-02 10:23 . 2009-04-23 03:01 -------- d-----w- c:\program files\Real
2010-01-02 08:56 . 2009-04-23 03:01 -------- d-----w- c:\program files\Common Files\Real
2010-01-01 13:21 . 2009-06-07 10:28 -------- d-----w- c:\program files\Panda Security
2010-01-01 00:18 . 2009-04-22 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 00:18 . 2009-04-22 23:10 5061520 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 23:41 . 2009-04-29 23:02 -------- d-----w- c:\program files\ma-config.com
2009-12-31 22:34 . 2009-08-18 03:14 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-12-31 18:22 . 2009-04-22 13:49 -------- d-----w- c:\program files\Realtek
2009-12-31 18:22 . 2009-04-22 13:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 18:14 . 2009-04-29 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-12-31 05:03 . 2009-10-13 18:49 -------- d-----w- c:\documents and settings\Mourad\Application Data\Skype
2009-12-31 05:00 . 2009-04-22 23:13 -------- d-----w- c:\documents and settings\Mourad\Application Data\skypePM
2009-12-30 18:19 . 2009-08-01 10:35 -------- d-----w- c:\documents and settings\Mourad\Application Data\vlc
2009-12-30 11:55 . 2009-04-22 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 11:54 . 2009-04-22 23:09 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 04:03 . 2009-04-22 22:57 -------- d-----w- c:\program files\Google Chrome
2009-12-23 22:52 . 2009-10-13 18:48 -------- d-----r- c:\program files\Skype
2009-12-23 22:52 . 2009-04-22 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-20 08:49 . 2009-04-22 14:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-20 08:48 . 2009-07-14 16:13 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-11 06:30 . 2009-10-19 21:48 177056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-11 03:13 . 2009-06-06 15:08 -------- d-----w- c:\documents and settings\Mourad\Application Data\HP
2009-11-11 03:13 . 2009-06-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-11 02:14 . 2009-04-22 14:05 32024 -c--a-w- c:\documents and settings\Mourad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 21:04 . 2008-07-31 22:42 25984 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-10-31 08:23 . 2009-04-22 14:23 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-29 07:45 . 2004-09-29 18:47 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeyyoFax.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KeyyoFax.lnk
backup=c:\windows\pss\KeyyoFax.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mourad^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Mourad\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mourad^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
path=c:\documents and settings\Mourad\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0420Ext.ax]
c:\windows\system32\V0420Ext.ax [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
c:\program files\ZTE Corporation\ZXDSL852\CnxDslTb.exe ZTE Corporation\ZXDSL852 [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParadialRealTun2
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WengoPhoneNG

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 09:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 01:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2009-03-02 08:14 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 -c--a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\V0420Cvw.dll]
2007-05-14 01:00 262144 -c--a-r- c:\windows\system32\V0420CVW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
2009-05-08 21:19 557149 -c--a-w- c:\program files\Thomson\ST330\diagnostics\diagnostics.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLinkMonitor.exe]
2007-01-03 11:12 651264 -c--a-w- c:\program files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-07-18 03:21 257440 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-22 22:50 133104 -c--atw- c:\documents and settings\Mourad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 09:46 159744 -c--a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 18:17 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 13:31 80896 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 09:46 135168 -c--a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 15:50 4363504 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 -c--a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-08-26 20:07 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 05:27 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 09:46 131072 -c--a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-04-10 10:38 17879552 -c--a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 15:15 1826816 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 13:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-31 08:23 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 -c--a-r- c:\windows\V0420Mon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Thomson\\ST330\\service\\st330service.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:5060
"5061:UDP"= 5061:UDP:5061
"16384:UDP"= 16384:UDP:16384
"16482:UDP"= 16482:UDP:16482

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [1/7/2009 11:39 PM 20744]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/1/2010 2:51 PM 28552]
R0 TLRecAgent;TLRecAgent;c:\windows\system32\drivers\TLRecAgent.sys [7/22/2009 11:19 AM 37208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/18/2009 6:15 AM 159600]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2009 7:13 PM 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/18/2009 6:15 AM 73840]
R2 VService;VService;c:\program files\D-Link\D-Link USB VoIP Adapter\VServ.exe [1/2/2007 1:07 PM 105208]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/18/2009 6:14 AM 95640]
R3 ST330;ST330;c:\windows\system32\drivers\st330.sys [4/30/2009 7:43 PM 30464]
R3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [4/30/2009 7:43 PM 12672]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [4/30/2009 7:43 PM 32000]
S2 gupdate1c9c3c0e7640a00;Service Google Update (gupdate1c9c3c0e7640a00);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2009 6:09 AM 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/30/2009 3:13 AM 1684736]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [12/7/2008 12:44 PM 30088]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 DOSMEMIO;MEMIO;\??\g:\memio.sys --> g:\MEMIO.SYS [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [7/2/2008 2:58 PM 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/17/2009 7:00 PM 243056]
S3 slusbvip;SL3800 USB Driver;c:\windows\system32\drivers\slusbvip.sys [7/22/2009 11:19 AM 591832]
S3 SLVAD_simple;D-Link Virtual Audio Device;c:\windows\system32\drivers\slvad.sys [7/22/2009 11:20 AM 85656]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [10/20/2009 9:52 PM 54272]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [5/31/2009 5:38 PM 99648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-08-04 00:12]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:09]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 03:09]

2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{894F263C-E34C-448D-AD66-4A9A7005FF4A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {33AFB313-4EC0-403E-A9F3-948279A1C833} = 82.114.162.33 195.94.0.34
FF - ProfilePath - c:\documents and settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\documents and settings\Mourad\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BtTray - c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe
MSConfigStartUp-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TLinkAgent - c:\program files\D-Link\D-Link USB Phone Adapter\DPH-50U Utility.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\MSVCP60.dll
.
Completion time: 2010-01-03 20:18:35
ComboFix-quarantined-files.txt 2010-01-03 17:18

Pre-Run: 22,489,088,000 bytes free
Post-Run: 22,441,598,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 35D177D1D3026A8FB727AE1E0B1733D7
dédétraqué Posts 4522 Status Security contributor 286

Hi mou_yem

Run a scan with BitDefender here:

http://www.bitdefender.fr/scan8/ie.html (to be done with Internet Explorer)

Tutorial: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId406812

See you later :)
mou_yem Posts 116 Status Member 1

Good evening,

I managed to complete the scan. Here is the report:

BitDefender Online Scanner

Rapport d'analyse généré : Mon, Jan 04, 2010 - 00:27:54

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;I:\;

Statistiques
Temps: 01:47:55
Fichiers: 76633
Directoires: 6576
Secteurs de boot: 0
Archives: 1694
Paquets programmes: 4170

Résultats
Virus identifiés: 1
Fichiers infectés: 3
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 3

Info sur les moteurs
Définition virus: 4811475
Version des moteurs: AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)
Analyse des plugins: 17
Archive des plugins: 44
Unpack des plugins: 8
E-mail plugins: 6
Système plugins: 4

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimés
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé
Statut

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0123577.exe
Infecté par: Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0123577.exe
Echec de la désinfection

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0123577.exe
Supprimé

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0129574.exe
Infecté par: Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0129574.exe
Echec de la désinfection

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP236\A0129574.exe
Supprimé

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP241\A0134569.exe
Infecté par: Gen:Trojan.Heur.AutoIT.Yq3@byjiJjfO

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP241\A0134569.exe
Echec de la désinfection

C:\System Volume Information\_restore{DB3E0604-AAFE-4E2E-9854-F409F163C479}\RP241\A0134569.exe
Supprimé

C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationBuildTasks.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationBuildTasks.resources.dll
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic
Nettoyé

C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35
Nettoyé
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi mou_yem


Your report is clean, only infected system restore points, which we are going to purge:

Disable System Restore on all drives:

- Right-click My Computer on the desktop, and in Properties click the System Restore tab

- Check the box to turn off System Restore and apply

Restart the computer and re-enable System Restore.

XP tutorial: http://www.libellules.ch/desactiver_restauration.php

Vista tutorial: https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista


Do you have any other problems?


@++ :)
0

mou_yem Posts 116 Status Member 1
 
Hi dédétraqué,

I still have a few problems with Windows XP:

- it is still very, very slow to start up: first to log in to my session, and even once it is open my desktop is not usable (impossible to do anything) until a few minutes later,

- impossible to restart or shut down the PC "normally": it stays frozen on "windows is shutting down", even if I leave it for several minutes, so I have to switch it off manually every time.

- if I launch several programs at the same time it's panic stations, it glitches! Even though my PC configuration is not that bad (Intel dual core 1.8 processor, 3 GB of RAM)

These problems are new; they only appeared a few days ago...

Thanks for your help.
@+
0
dédétraqué Posts 4522 Status Security contributor 286
 
Hi mou_yem


Download OTL (by OldTimer) and save it to your Desktop.
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

- Close running applications so as not to interrupt the scan.
- Double-click OTL.exe to launch it.
- A window appears. Under Custom Scans (at the bottom), copy/paste this:

netsvcs
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
/md5stop
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s


- Click the Run Scan button.
- Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTListIT2 (so by default on the Desktop).

- Copy/paste the contents of both files here. Use one message per report.


@++ :)
0
mou_yem Posts 116 Status Member 1
 
Hi dédétraqué,

I have been trying since this morning to post the reports but I can't manage it...
0
mou_yem Posts 116 Status Member 1
 
I'll try in 2 parts, maybe it is too long;

- OTL.txt:

OTL logfile created on: 1/4/2010 6:34:19 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Mourad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: États-Unis | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 23.54 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
Drive F: | 31.84 Gb Total Space | 31.75 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 962.70 Mb Total Space | 603.00 Mb Free Space | 62.64% Space Free | Partition Type: FAT

Computer Name: 7206BD0B
Current User Name: Mourad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/04 06:30:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe
PRC - [2009/10/31 11:23:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/19 23:40:09 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 19:19:31 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/09 00:19:35 | 00,581,632 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\ST330\service\st330service.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/23 09:49:16 | 02,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008/12/11 15:58:44 | 00,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/02 13:07:38 | 00,105,208 | ---- | M] () -- C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2005/08/24 14:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
PRC - [2004/04/13 17:12:18 | 00,103,936 | ---- | M] (BonSoft) -- C:\Program Files\ClocX\ClocX.exe


========== Modules (SafeList) ==========

MOD - [2010/01/04 06:30:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/17 19:00:28 | 00,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/10/31 11:23:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/20 21:52:24 | 00,054,272 | ---- | M] (SolarWinds) [On_Demand | Stopped] -- C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2009/08/19 23:40:09 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 19:19:31 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/09 00:19:35 | 00,581,632 | ---- | M] (THOMSON Telecom Belgium) [Auto | Running] -- C:\Program Files\Thomson\ST330\service\st330service.exe -- (st330service)
SRV - [2009/04/23 06:09:12 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c3c0e7640a00) Service Google Update (gupdate1c9c3c0e7640a00)
SRV - [2008/12/11 15:58:44 | 00,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/04/14 03:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/04/08 09:56:30 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/01/02 13:07:38 | 00,105,208 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe -- (VService)
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/24 14:00:28 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (pavboot)
DRV - [2009/12/20 11:48:25 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/18 10:23:14 | 00,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2009/11/04 00:04:50 | 00,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\MBR.exe -- (mbr)
DRV - [2009/07/20 04:40:02 | 00,591,832 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slusbvip.sys -- (slusbvip)
DRV - [2009/07/20 04:40:02 | 00,085,656 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slvad.sys -- (SLVAD_simple)
DRV - [2009/07/20 04:40:02 | 00,037,208 | R--- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TLRecAgent.sys -- (TLRecAgent)
DRV - [2009/07/14 19:19:31 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/30 19:43:05 | 00,032,000 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stppp.sys -- (stppp)
DRV - [2009/04/30 19:43:05 | 00,030,464 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\st330.sys -- (ST330)
DRV - [2009/04/30 19:43:05 | 00,012,672 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stbus.sys -- (STBUS)
DRV - [2009/04/30 02:12:13 | 00,130,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/04/14 16:09:56 | 05,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/25 14:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/21 09:38:32 | 00,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/01/07 23:39:36 | 00,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/12/18 12:16:56 | 00,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/07 12:44:54 | 00,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008/09/22 11:29:18 | 00,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/08/05 20:10:12 | 01,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/02 14:58:48 | 00,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/04/13 21:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 19:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/15 13:12:06 | 05,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/30 12:25:55 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/10/30 12:25:54 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/10/30 12:25:53 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007/05/31 04:32:34 | 00,099,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2006/01/04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/08/24 13:53:46 | 00,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/08/24 13:51:10 | 01,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/08/24 13:49:12 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/08/24 13:49:04 | 00,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005/08/24 13:48:38 | 00,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/24 13:45:46 | 00,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/08/04 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 16:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {bb628310-0ab7-11db-9cd8-0800200c9a66}:3.5.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.30
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.0.1
FF - prefs.js..keyword.URL: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA5"


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 21:30:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/30 13:25:06 | 00,000,000 | ---D | M]

[2009/04/23 02:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Extensions
[2010/01/04 06:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions
[2009/07/26 14:07:30 | 00,000,000 | ---D | M] (Qute) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2009/07/14 13:50:28 | 00,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/12/31 21:06:56 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/06 18:49:13 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/16 10:38:10 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2009/08/26 19:04:39 | 00,001,775 | ---- | M] () -- C:\Documents and Settings\Mourad\Application Data\Mozilla\Firefox\Profiles\moulsvwe.default\searchplugins\live-search.xml
[2010/01/04 06:11:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/11 07:04:59 | 00,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Program Files\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}(2)
[2009/12/30 13:24:59 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/12/30 13:24:59 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/12/30 13:24:59 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/12/30 13:24:59 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/12/30 13:24:59 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (789 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/22 15:04:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:48 | 00,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/02 07:20:50 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/01/01 14:14:44 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/04 06:29:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe
[2010/01/04 00:34:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/03 20:11:48 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/03 20:06:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/03 20:06:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/03 20:06:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/03 20:06:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/03 20:05:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/03 20:05:46 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/03 20:05:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/03 12:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\WAG54GX2_1005_AnnexA
[2010/01/02 23:13:01 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTM.exe
[2010/01/02 12:10:07 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Mourad\Recent
[2010/01/02 07:36:47 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/02 07:20:48 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2010/01/02 06:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/01/02 06:57:52 | 00,000,000 | ---D | C] -- C:\UsbFix
[2010/01/02 06:48:26 | 00,000,000 | ---D | C] -- C:\rsit
[2010/01/02 05:58:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/01/01 06:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2009/12/31 21:22:41 | 00,130,432 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/12/31 20:28:50 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2009/12/31 20:28:50 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2009/12/26 18:05:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\CLE USB
[2009/12/25 06:26:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\Incontinence
[2009/12/24 01:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/12/23 21:36:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Desktop\Firewall Traversal
[2009/12/23 18:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\Application Data\RealTunnelv2
[2009/12/21 00:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2009/12/21 00:33:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mourad\My Documents\SolarWinds
[2009/12/21 00:32:47 | 00,000,000 | ---D | C] -- C:\Program Files\SolarWinds
[2009/12/20 23:16:19 | 00,729,088 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/12/20 23:16:17 | 00,000,000 | ---D | C] -- C:\Program Files\TFTP Desktop
[2009/12/20 11:33:24 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/12/20 11:33:24 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/12/20 11:31:54 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/07/22 11:20:03 | 00,085,656 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slvad.sys
[2009/07/22 11:19:20 | 00,591,832 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\slusbvip.sys
[2009/07/22 11:19:20 | 00,037,208 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\TLRecAgent.sys
[2009/06/03 15:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/23 12:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/23 06:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/23 02:27:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/23 00:42:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/22 15:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
0
mou_yem Posts 116 Status Member 1
 
(continuation of OTL.Txt):

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/01/04 06:30:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTL.exe
[2010/01/04 06:12:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/04 06:00:18 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/01/04 05:59:56 | 00,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/04 05:58:08 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/04 05:58:06 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2010/01/04 05:58:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/04 05:57:54 | 32,121,03680 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/04 05:57:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/04 05:54:33 | 09,437,184 | ---- | M] () -- C:\Documents and Settings\Mourad\ntuser.dat
[2010/01/04 05:54:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mourad\ntuser.ini
[2010/01/04 01:09:51 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{894F263C-E34C-448D-AD66-4A9A7005FF4A}.job
[2010/01/03 22:26:20 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/03 21:38:29 | 00,274,952 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\Sans nom 1.pdf
[2010/01/03 20:16:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/03 20:11:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/03 19:23:44 | 03,818,002 | R--- | M] () -- C:\Documents and Settings\Mourad\Desktop\ComboFix.exe
[2010/01/03 07:16:32 | 06,441,045 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\WAG54GX2_1005_AnnexA.zip
[2010/01/02 23:14:27 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mourad\Desktop\OTM.exe
[2010/01/02 13:23:01 | 35,293,542 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\UsbFix_Upload_Me_7206BD0B.zip
[2010/01/02 06:47:55 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\RSIT.exe
[2010/01/01 18:33:07 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Mourad\PUTTY.RND
[2010/01/01 06:58:49 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Anonine.lnk
[2010/01/01 06:39:55 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\OpenVPN GUI.lnk
[2010/01/01 04:54:03 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/01 02:52:53 | 26,257,920 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\yeynch52.exe
[2009/12/31 07:27:51 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ItsHidden.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 05:57:48 | 00,370,712 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100101-032351.backup
[2009/12/25 05:57:49 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\Mourad\Desktop\Google Chrome.lnk
[2009/12/25 05:53:47 | 00,370,712 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091228-055748.backup
[2009/12/24 07:04:31 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091225-055347.backup
[2009/12/24 02:16:26 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/20 23:35:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\tftpdesk.INI
[2009/12/20 23:16:11 | 00,729,088 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/12/20 11:48:25 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/01/03 21:38:29 | 00,274,952 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\Sans nom 1.pdf
[2010/01/03 20:11:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/03 20:11:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/03 20:06:05 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/03 20:06:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/03 20:06:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/03 20:06:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/03 20:06:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/03 19:20:41 | 03,818,002 | R--- | C] () -- C:\Documents and Settings\Mourad\Desktop\ComboFix.exe
[2010/01/03 07:14:53 | 06,441,045 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\WAG54GX2_1005_AnnexA.zip
[2010/01/02 07:22:36 | 35,293,542 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\UsbFix_Upload_Me_7206BD0B.zip
[2010/01/02 06:47:49 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\RSIT.exe
[2010/01/01 06:58:49 | 00,000,566 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Anonine.lnk
[2010/01/01 06:39:55 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\OpenVPN GUI.lnk
[2010/01/01 02:44:36 | 26,257,920 | ---- | C] () -- C:\Documents and Settings\Mourad\Desktop\yeynch52.exe
[2009/12/31 07:27:51 | 00,000,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ItsHidden.lnk
[2009/12/24 02:16:26 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/20 23:35:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tftpdesk.INI
[2009/11/05 06:55:16 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\Mourad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 14:29:40 | 00,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/10/20 00:48:58 | 00,177,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/10 16:55:03 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/22 11:20:03 | 00,248,664 | R--- | C] () -- C:\WINDOWS\System32\slvipgx.dll
[2009/07/22 11:11:43 | 00,150,368 | R--- | C] () -- C:\WINDOWS\System32\slvipco.dll
[2009/07/22 11:09:46 | 00,000,077 | ---- | C] () -- C:\WINDOWS\slsetup.ini
[2009/06/06 17:43:47 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/05/12 14:39:13 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/30 02:34:43 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/04/30 02:22:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/04/25 06:08:05 | 00,000,223 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/04/22 15:16:50 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/04/22 15:13:26 | 00,000,535 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/04/22 15:13:22 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/04/22 15:06:55 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/06 05:50:57 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2008/12/07 12:44:54 | 00,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2007/10/25 13:04:22 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\keyyofaxmon.dll
[2005/08/24 13:56:04 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009/04/22 15:04:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/09 04:06:08 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/03 20:11:55 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 00,260,272 | ---- | M] () -- C:\cmldr
[2010/01/03 20:18:37 | 00,021,174 | ---- | M] () -- C:\ComboFix.txt
[2009/04/22 15:04:26 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/01/04 05:57:54 | 32,121,03680 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/21 15:37:45 | 08,407,882 | ---- | M] () -- C:\immudebug.log
[2009/04/22 15:04:26 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/23 14:19:47 | 00,001,035 | ---- | M] () -- C:\JavaRa.log
[2009/04/22 15:04:26 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/23 01:29:25 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/04 05:57:44 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
[2009/04/22 15:06:56 | 00,001,392 | ---- | M] () -- C:\Recovery-Info.lnk
[2009/12/29 13:48:37 | 00,001,608 | ---- | M] () -- C:\resiplog.txt
[2009/06/12 22:29:38 | 00,058,752 | ---- | M] () -- C:\resultat.txt
[2009/06/12 22:28:37 | 20,320,679 | ---- | M] () -- C:\upload_moi_MOURAD-7206BD0B.tar.gz
[2010/01/02 07:25:54 | 00,005,860 | ---- | M] () -- C:\UsbFix.txt

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2009/10/15 18:21:03 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/14 19:20:20 | 00,000,000 | ---D | M] -- C:\Program Files\Avira
[2009/07/14 11:22:05 | 00,000,000 | ---D | M] -- C:\Program Files\Belkin
[2009/04/22 18:59:18 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/05/05 19:18:40 | 00,000,000 | ---D | M] -- C:\Program Files\CDex_150
[2009/06/08 05:17:07 | 00,000,000 | ---D | M] -- C:\Program Files\Ciel
[2009/04/23 02:16:12 | 00,000,000 | ---D | M] -- C:\Program Files\ClocX
[2010/01/03 20:16:03 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/04/22 15:01:13 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/22 11:34:30 | 00,000,000 | ---D | M] -- C:\Program Files\D-Link
[2009/07/17 10:28:27 | 00,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2009/08/13 02:00:57 | 00,000,000 | ---D | M] -- C:\Program Files\ESTsoft
[2009/04/23 06:11:42 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/24 07:03:09 | 00,000,000 | ---D | M] -- C:\Program Files\Google Chrome
[2009/06/06 17:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/06/06 17:48:45 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/12/31 21:22:37 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/23 01:59:21 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/12/20 11:47:24 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/06 19:44:53 | 00,000,000 | ---D | M] -- C:\Program Files\IVT Corporation
[2009/04/23 14:18:44 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/10/31 11:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/04/23 17:22:36 | 00,000,000 | ---D | M] -- C:\Program Files\jv16 PowerTools
[2009/08/15 19:10:17 | 00,000,000 | ---D | M] -- C:\Program Files\Keyyo Softphone X-Lite
[2009/08/18 06:19:28 | 00,000,000 | ---D | M] -- C:\Program Files\Keyyo X-PRO
[2009/08/20 17:40:59 | 00,000,000 | ---D | M] -- C:\Program Files\KeyyoFax
[2009/04/24 19:55:54 | 00,000,000 | ---D | M] -- C:\Program Files\Lavalys
[2010/01/01 02:41:10 | 00,000,000 | ---D | M] -- C:\Program Files\ma-config.com
[2010/01/01 03:18:48 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/23 16:56:32 | 00,000,000 | ---D | M] -- C:\Program Files\media-player-classic_media_player_classic_6.4.9.1_build_20081210_francais_11019
[2009/04/23 01:38:49 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/08/26 19:13:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/04/22 15:07:12 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/04/23 01:34:18 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/01/04 06:33:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/05/05 21:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\MP3Gain
[2009/04/23 17:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/04/22 15:00:09 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/04/22 15:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/05/04 19:45:15 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2009/04/23 14:21:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/04/23 07:28:10 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/04/23 01:31:36 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/04/22 17:07:13 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/10/31 13:06:29 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/01/04 06:12:09 | 00,000,000 | ---D | M] -- C:\Program Files\OpenVPN
[2009/10/31 08:37:47 | 00,000,000 | ---D | M] -- C:\Program Files\Opera
[2009/08/13 03:01:58 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/04 06:12:37 | 00,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2009/08/26 23:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\Patch MsnCreative
[2010/01/01 01:34:16 | 00,000,000 | ---D | M] -- C:\Program Files\PC Tools Firewall Plus
[2010/01/02 13:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/12/31 21:22:40 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/04/23 17:08:32 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/24 01:52:43 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/12/21 00:32:47 | 00,000,000 | ---D | M] -- C:\Program Files\SolarWinds
[2009/12/20 11:49:57 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/21 00:47:02 | 00,000,000 | ---D | M] -- C:\Program Files\TFTP Desktop
[2009/04/30 19:51:01 | 00,000,000 | ---D | M] -- C:\Program Files\Thomson
[2009/06/07 13:23:33 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/04/22 15:10:44 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/23 02:20:39 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/05/04 19:45:40 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/04 19:44:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/04/23 02:26:39 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/04/23 02:28:24 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/04/23 01:31:33 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/04/22 15:03:17 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/04/22 15:07:12 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/01/04 06:14:12 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 21:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 21:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 15:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color]
[2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/14 03:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
[2004/08/04 15:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2004/08/04 15:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 15:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 15:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 15:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2004/09/26 16:24:54 | 00,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys

[color=#A23BEC]< MD5 for: IMM32.DLL >[/color]
[2008/04/14 03:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/14 03:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 03:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 15:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

[color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color]
[2009/03/21 16:54:07 | 00,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2004/08/04 15:00:00 | 00,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
[2009/03/21 17:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 17:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 03:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 03:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 16:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

[color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color]
[2008/06/20 20:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 20:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 15:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 20:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 03:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 03:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 20:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/13 22:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 15:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 03:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 03:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[color=#A23BEC]< MD5 for: NTFS.SYS >[/color]
[2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/13 22:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 15:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

[color=#A23BEC]< MD5 for: NTMSSVC.DLL >[/color]
[2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/14 03:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 15:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

[color=#A23BEC]< MD5 for: NVATABUS.SYS >[/color]
[2004/09/02 10:24:38 | 00,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys

[color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color]
[2004/08/04 15:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 03:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 03:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 03:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

[color=#A23BEC]< MD5 for: QMGR.DLL >[/color]
[2004/08/04 15:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 03:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/04 15:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: SFCFILES.DLL >[/color]
[2004/08/04 15:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll
[2008/04/14 03:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

[color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color]
[2004/08/04 15:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008/04/14 03:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008/04/14 03:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/14 03:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/14 03:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 03:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 15:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color]
[2004/08/04 15:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/14 03:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/14 03:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 03:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/04 15:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 03:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: VIAMRAID.SYS >[/color]
[2004/05/18 16:55:26 | 00,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys

[color=#A23BEC]< MD5 for: WS2_32.DLL >[/color]
[2008/04/14 03:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/14 03:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 03:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 15:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

[color=#A23BEC]< MD5 for: XMLPROV.DLL >[/color]
[2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll
[2008/04/14 03:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 15:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >
mou_yem Posts 116 Status Member 1
 
and the second one:
- Extras.Txt:

OTL Extras logfile created on: 1/4/2010 6:34:19 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Mourad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: États-Unis | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 23.54 Gb Free Space | 60.26% Space Free | Partition Type: NTFS
Drive D: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.74% Space Free | Partition Type: NTFS
Drive E: | 39.07 Gb Total Space | 38.97 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
Drive F: | 31.84 Gb Total Space | 31.75 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 962.70 Mb Total Space | 603.00 Mb Free Space | 62.64% Space Free | Partition Type: FAT

Computer Name: 7206BD0B
Current User Name: Mourad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"5060:UDP" = 5060:UDP:*:Enabled:5060
"5061:UDP" = 5061:UDP:*:Enabled:5061
"16384:UDP" = 16384:UDP:*:Enabled:16384
"16482:UDP" = 16482:UDP:*:Enabled:16482
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Thomson\ST330\service\st330service.exe" = C:\Program Files\Thomson\ST330\service\st330service.exe:*:Enabled:ST330 service -- (THOMSON Telecom Belgium)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A7AB28D-E7DE-458A-9243-663DADDEE290}" = D-Link USB VoIP Adapter
"{0A7AB28D-E7DE-458A-9243-663DADDEE290}SL" = D-Link USB VoIP Adapter
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18754BA4-4F0C-4E6E-888B-9496AFA05F43}" = Ma-Config.com
"{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4B296228-DF7C-43EA-8DED-76027355B219}" = Opera 10.01
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB8DD4C1-6237-455E-AF09-86296B3E3EE0}" = Ciel Auto-entrepreneur Facile 1.30
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{ECA2B21B-A180-4775-B93F-6E404E36A8CC}" = MSRuntime Libraries
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"ClocX" = ClocX (1.4)
"Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
"Defraggler" = Defraggler (remove only)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1AA86313-B188-498D-91CF-D017AC5A82A5}" = SolarWinds TFTP Server
"jv16 PowerTools_is1" = jv16 PowerTools 1.3
"Keyyo Softphone_is1" = Keyyo Softphone 2.0 release 1105c
"KeyyoFax" = KeyyoFax 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedTouch 330" = SpeedTouch 330
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"cf6c187cd4791543" = e-parcours
"Google Chrome" = Google Chrome
"Live Search" = Notification Live Search

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 1/1/2010 4:14:34 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 5:14:34 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/1/2010 6:14:34 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 4:12:05 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 5:12:05 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 6:12:30 AM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 7:12:15 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 8:12:14 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 9:12:39 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

Error - 1/2/2010 10:12:39 PM | Computer Name = 7206BD0B | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 1/3/2010 7:24:55 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 1/3/2010 7:24:57 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 1/3/2010 7:25:00 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 1/3/2010 7:25:03 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 1/3/2010 7:25:05 AM | Computer Name = 7206BD0B | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour Type avec l'erreur : %%5

Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 1/3/2010 10:44:27 AM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.

Error - 1/3/2010 1:24:52 PM | Computer Name = 7206BD0B | Source = ipnathlp | ID = 31012
Description = L'agent proxy DNS a rencontré une erreur lors de l'obtention de la
liste locale des serveurs de résolution de noms. Des serveurs DNS ou WINS peuvent
être inaccessibles aux clients sur le réseau local. La donnée est le code de l'erreur.


< End of report >