Infected PC, request for review of scan reports


Post by galaktika » 02 Nov 2011, 19:21

Hello, hoping I have not missed a step.
My PC (Windows Seven 32-bit, AntiVir, Firefox) seems slowed down. A blue screen forced me to restart in safe mode. The first time, I ran Spybot with its updates applied; then I followed the procedure proposed on this forum:

The Malwarebytes report:
Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Version de la base de données: 8068

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

02/11/2011 16:48:35
mbam-log-2011-11-02 (16-48-24).txt

continued...

Type d'examen: Examen rapide
Elément(s) analysé(s): 180163
Temps écoulé: 7 minute(s), 47 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\hpbcfgre.dll (Spyware.OnlineGames) -> No action taken.

________________________________________
galaktika
 
Posts: 6
Joined: 02 Nov 2011, 16:07

Re: Infected PC, request for review of scan reports

Post by galaktika » 02 Nov 2011, 19:23

The OTL.Txt report

OTL logfile created on: 02/11/2011 16:59:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Svetlana\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,84 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 59,86% Memory free
5,68 Gb Paging File | 4,17 Gb Available in Paging File | 73,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 17,05 Gb Free Space | 11,31% Space Free | Partition Type: NTFS
Drive E: | 145,97 Gb Total Space | 15,06 Gb Free Space | 10,32% Space Free | Partition Type: NTFS

Computer Name: SVETLANA2 | User Name: Svetlana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/02 16:14:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Svetlana\Desktop\OTL.exe
PRC - [2011/09/05 12:30:35 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011/09/05 12:30:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/27 21:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 18:24:08 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/08/17 13:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/02 00:15:44 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:15:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/14 22:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/03 08:19:42 | 000,053,248 | ---- | M] (HP) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2009/12/02 13:51:12 | 000,136,192 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2009/07/20 13:29:00 | 000,484,920 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2009/04/10 16:09:38 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2009/03/17 13:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/12/17 03:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/08/31 07:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007/07/06 12:14:02 | 005,730,304 | ---- | M] () -- C:\PROGRA~1\Logicmax\mysql-5.0\bin\MYSQLD~2.EXE
PRC - [2007/02/12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/20 13:29:01 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll
MOD - [2011/10/20 13:28:42 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/20 13:28:06 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2011/10/20 13:27:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/20 13:27:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/20 13:27:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/20 13:27:23 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/20 13:27:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 00:35:38 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/03/30 13:58:54 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2010/02/19 07:46:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/12/03 08:18:56 | 000,516,096 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MOD - [2009/12/03 08:18:52 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MOD - [2009/12/03 08:18:50 | 000,069,632 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MOD - [2009/12/03 08:18:50 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MOD - [2009/07/14 09:39:04 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2007/08/31 07:59:28 | 000,057,344 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/08/31 07:59:28 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\hppusg.exe
MOD - [2007/08/31 07:59:26 | 000,114,688 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/08/31 07:59:26 | 000,036,864 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\Enumeration.dll
MOD - [2007/08/31 07:59:10 | 000,065,536 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPTools.dll
MOD - [2007/08/31 07:59:04 | 000,016,384 | ---- | M] () -- C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (LogicmaxMySQL-5.0)
SRV - [2011/09/05 12:30:35 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/09/05 12:30:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 18:24:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/24 14:40:42 | 000,114,688 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Bouygues Telecom\Internet 3G+\RcAppSvc.exe -- (BouyguesRcAppSvc)
SRV - [2010/06/24 14:40:22 | 000,118,784 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Bouygues Telecom\Internet 3G+\conappssvc.exe -- (CABouygues)
SRV - [2010/06/09 23:28:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/02 13:51:12 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/17 13:36:12 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/12/17 03:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/02/12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (O2FLASH)
SRV - [2007/01/11 03:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/09/05 12:30:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/05 12:30:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/02/10 22:48:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/24 14:28:02 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/06/24 14:26:06 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/06/17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/07 11:46:56 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Pilote de carte Intel(R)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Pilote de carte de liaison WiFi sans fil Intel(R)
DRV - [2009/06/23 00:27:14 | 000,487,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/04/10 16:09:40 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2009/03/23 16:28:24 | 000,054,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/03/19 13:07:32 | 000,043,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/03/12 10:33:08 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/03/05 10:03:16 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/03/03 14:42:56 | 000,036,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/02/19 15:20:10 | 000,063,872 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/06 16:56:38 | 000,137,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/04 08:12:06 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/16 22:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 22:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2207610
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 D2 AB 20 D9 51 CB 01 [binary data]
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic France FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: development@add-art.org:0.8.55
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Video Convert Master\codec\real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Video Convert Master\codec\real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Svetlana\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Svetlana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Svetlana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Svetlana\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Svetlana\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/02/03 22:43:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 17:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 21:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/02/03 22:43:31 | 000,000,000 | ---D | M]

[2010/02/18 00:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svetlana\AppData\Roaming\mozilla\Extensions
[2011/10/03 16:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svetlana\AppData\Roaming\mozilla\Firefox\Profiles\ug92vej5.default\extensions
[2011/09/28 01:41:27 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Svetlana\AppData\Roaming\mozilla\Firefox\Profiles\ug92vej5.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/12/10 21:23:11 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Svetlana\AppData\Roaming\mozilla\Firefox\Profiles\ug92vej5.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/09/12 18:27:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Svetlana\AppData\Roaming\mozilla\Firefox\Profiles\ug92vej5.default\extensions\toolbar@ask.com
[2010/11/02 15:56:20 | 000,000,939 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ug92vej5.default\searchplugins\conduit.xml
[2011/10/31 04:32:26 | 000,002,294 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ug92vej5.default\searchplugins\fenopy.xml
[2011/10/31 04:32:27 | 000,002,543 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ug92vej5.default\searchplugins\kickasstorrents.xml
[2010/08/14 10:43:46 | 000,001,050 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ug92vej5.default\searchplugins\torrentfinder.xml
[2011/07/18 12:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/07/16 17:19:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/02 19:03:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/24 08:07:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 09:13:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/14 14:13:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/18 12:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SVETLANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UG92VEJ5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SVETLANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UG92VEJ5.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\SVETLANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UG92VEJ5.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2011/10/03 17:08:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 09:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 09:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 09:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\13.0.782.215\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Svetlana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Svetlana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Svetlana\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/02 11:05:56 | 000,440,064 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15139 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\..\Toolbar\WebBrowser: (Softonic France FF Toolbar) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP LaserJet M1522 MFP Series Fax] C:\Program Files\HP\hp LaserJet M1522\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001..\Run: [] File not found
O4 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001..\Run: [EPSON BX300F Series locale] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001..\Run: [EPSON BX300F Seriesloc] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Svetlana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Svetlana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Svetlana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Svetlana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2412CB93-E31D-43F5-9754-92972EBDB457}: DhcpNameServer = 62.201.129.99 62.201.159.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AAB1DC9-23D1-47C9-B38C-04AA43810196}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD033F6C-64F9-41CF-804A-F75BE4661552}: DhcpNameServer = 212.27.40.240 212.27.40.241
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{143c77a7-baa7-11df-8101-00037a911ba8}\Shell - "" = AutoRun
O33 - MountPoints2\{143c77a7-baa7-11df-8101-00037a911ba8}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a368b3c1-cdfd-11df-a952-00037a911ba8}\Shell - "" = AutoRun
O33 - MountPoints2\{a368b3c1-cdfd-11df-a952-00037a911ba8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{c18ce019-9984-11df-ba49-00037a911ba8}\Shell - "" = AutoRun
O33 - MountPoints2\{c18ce019-9984-11df-ba49-00037a911ba8}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{c235d5ad-355f-11e0-84fd-00037a911ba8}\Shell - "" = AutoRun
O33 - MountPoints2\{c235d5ad-355f-11e0-84fd-00037a911ba8}\Shell\AutoRun\command - "" = F:\LaunchBFII.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 16:26:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/02 16:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/02 16:21:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Svetlana\Desktop\erunt-setup.exe
[2011/11/02 16:18:54 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Roaming\Malwarebytes
[2011/11/02 16:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/02 16:18:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/02 16:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/02 16:16:25 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Svetlana\Desktop\mbam-setup-1.51.2.1300.exe
[...]
galaktika
 
Posts: 6
Joined: 02 Nov 2011, 16:07

Re: Infected PC, request for review of scan reports

Post by galaktika » 02 Nov 2011, 19:24

[...]

[2011/11/02 16:14:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Svetlana\Desktop\OTL.exe
[2011/10/31 04:32:08 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{E27CA391-A2C6-4D42-87BB-2810E73A6CAD}
[2011/10/31 04:31:53 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{F743B5E4-123D-495B-B7F8-77D4B9BD41D0}
[2011/10/26 16:42:02 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{044941D5-9E0C-4D82-9F99-109695BADA1F}
[2011/10/26 16:41:46 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{C553A29F-9F9F-4DB0-92B5-BF258308EE61}
[2011/10/25 20:56:47 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{6D85E284-D5BE-4BB1-B875-CF22C6EC0294}
[2011/10/25 20:56:35 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{B80AAEA2-36C6-4985-937C-B806DA3D5B99}
[2011/10/24 15:32:40 | 000,000,000 | ---D | C] -- C:\Windows\sesam
[2011/10/23 19:04:21 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{CF65373F-B7A2-4666-9352-2B8C9EF4722B}
[2011/10/23 19:04:02 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{EC86BD13-622F-4A1C-B29E-7714CF087A08}
[2011/10/22 09:23:00 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{2F6743D4-D7A6-4410-A46B-2B0BE0B80E3F}
[2011/10/22 09:22:48 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{AB2098C4-B2EB-4E57-9F15-B053747ED670}
[2011/10/20 23:36:11 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{4C66145E-8A88-4B7C-BDDD-DA5C3864E9C6}
[2011/10/20 23:35:57 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{E19FA2E3-E37A-4CDA-BBD8-BEF9E4673339}
[2011/10/19 19:04:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/19 19:04:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/19 19:04:52 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/19 19:04:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/19 19:04:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/19 18:58:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/19 18:58:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/19 18:57:52 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/19 12:46:01 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{80E2D01E-9206-45B5-A96D-0CA504DE0398}
[2011/10/19 12:45:49 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{1D058C3B-C768-43F0-8143-614CB9B64AAC}
[2011/10/15 20:07:19 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{537D8953-21ED-45BF-BDD4-F415EF086161}
[2011/10/15 20:07:04 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{3469718D-8334-45C9-922A-DB4A356B64E1}
[2011/10/12 19:19:12 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{1977AC99-2DAD-449E-B792-D50637A94BBB}
[2011/10/12 19:18:59 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{5AFE5E51-2859-4C57-BC06-26ECE9037AF6}
[2011/10/10 18:59:46 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{7F8ED2EB-0CB9-4F18-BF95-4FB38519E5B7}
[2011/10/10 18:59:33 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{A2C998A8-E3B0-4804-8378-236FC6D99AC6}
[2011/10/07 16:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/10/07 16:21:29 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{7E091634-8FD9-4DF0-B350-954534394476}
[2011/10/07 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{77B1C368-8B5B-48C2-9B4B-4BE0FDBA9B40}
[2011/10/05 01:28:37 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{42C76900-93D2-447B-9C88-314078649A1D}
[2011/10/05 01:28:25 | 000,000,000 | ---D | C] -- C:\Users\Svetlana\AppData\Local\{E73F748E-9BC5-441A-BC2B-D8108B964235}
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/17 13:50:36 | 000,321,080 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Install.exe
[2010/08/17 13:23:42 | 000,102,912 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpmco107.dll
[2010/08/17 13:23:26 | 003,390,464 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Install.dll
[2009/02/25 19:01:12 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpmprein.dll
[2009/02/25 19:01:12 | 000,286,720 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\Hpzc3212.dll
[2009/02/25 18:59:02 | 000,188,416 | ---- | C] (Hewlett Packard) -- C:\Program Files\hpmews01.dll
[2009/02/25 18:58:56 | 000,026,648 | ---- | C] (Hewlett Packard) -- C:\Program Files\hppcgenio.sys
[2009/02/25 18:58:56 | 000,026,136 | ---- | C] (Hewlett Packard) -- C:\Program Files\hpfxgen.sys
[2009/02/25 18:58:56 | 000,020,504 | ---- | C] (Hewlett Packard) -- C:\Program Files\hppcbulkio.sys
[2009/02/25 18:58:56 | 000,017,432 | ---- | C] (Hewlett Packard) -- C:\Program Files\hpfxbulk.sys
[2009/02/09 15:49:46 | 000,188,416 | ---- | C] (Hewlett Packard) -- C:\Program Files\hpmldm01.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 17:02:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/11/02 17:00:05 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/02 16:48:32 | 000,000,470 | ---- | M] () -- C:\Windows\GALSS.INI
[2011/11/02 16:35:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242965286-1668507305-2706088939-1001UA.job
[2011/11/02 16:24:07 | 000,001,083 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/02 16:21:50 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Svetlana\Desktop\erunt-setup.exe
[2011/11/02 16:16:41 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Svetlana\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/02 16:14:32 | 000,000,417 | ---- | M] () -- C:\Users\Svetlana\Desktop\scan.zip
[2011/11/02 16:14:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Svetlana\Desktop\OTL.exe
[2011/11/02 15:35:01 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1242965286-1668507305-2706088939-1001Core.job
[2011/11/02 11:05:56 | 000,440,064 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/02 11:02:48 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 11:02:48 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 11:00:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/02 10:58:32 | 000,695,004 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/11/02 10:58:32 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/02 10:58:32 | 000,127,684 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/11/02 10:58:32 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/02 10:54:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/02 10:53:55 | 2287,620,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 18:02:12 | 000,420,154 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20111102-110556.backup
[2011/10/31 17:26:04 | 000,001,249 | ---- | M] () -- C:\Users\Svetlana\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/25 21:32:36 | 000,000,036 | ---- | M] () -- C:\Users\Svetlana\AppData\Local\housecall.guid.cache
[2011/10/24 15:33:32 | 000,000,344 | ---- | M] () -- C:\Windows\sesam.ini
[2011/10/20 13:26:25 | 000,350,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 13:37:32 | 000,012,998 | ---- | M] () -- C:\Users\Svetlana\Desktop\planning-seminaire-1-oct-2011-etudiants.pdf
[2011/10/13 13:37:21 | 000,021,023 | ---- | M] () -- C:\Users\Svetlana\Desktop\seminaires-2011-2012.pdf
[2011/10/07 16:56:50 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/10/03 17:08:21 | 000,002,007 | ---- | M] () -- C:\Users\Svetlana\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/02 17:02:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/11/02 16:24:07 | 000,001,083 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/02 16:14:30 | 000,000,417 | ---- | C] () -- C:\Users\Svetlana\Desktop\scan.zip
[2011/10/25 21:32:36 | 000,000,036 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\housecall.guid.cache
[2011/10/24 15:33:32 | 000,000,470 | ---- | C] () -- C:\Windows\GALSS.INI
[2011/10/13 13:37:32 | 000,012,998 | ---- | C] () -- C:\Users\Svetlana\Desktop\planning-seminaire-1-oct-2011-etudiants.pdf
[2011/10/13 13:37:21 | 000,021,023 | ---- | C] () -- C:\Users\Svetlana\Desktop\seminaires-2011-2012.pdf
[2011/10/07 16:56:50 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/05/20 21:16:32 | 000,195,454 | ---- | C] () -- C:\Users\Svetlana\AppData\Roaming\UserTile.png
[2011/03/27 20:45:11 | 000,115,292 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/01/03 20:04:56 | 000,000,199 | ---- | C] () -- C:\Windows\System32\AddPort.ini
[2011/01/03 20:04:19 | 000,000,716 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2010/10/27 16:26:14 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/09/01 16:21:28 | 000,261,237 | ---- | C] () -- C:\Program Files\hpcu107c.cat
[2010/09/01 16:21:28 | 000,220,650 | ---- | C] () -- C:\Program Files\hpzius13.cat
[2010/09/01 16:21:28 | 000,220,187 | ---- | C] () -- C:\Program Files\hpzipa13.cat
[2010/09/01 16:21:28 | 000,218,806 | ---- | C] () -- C:\Program Files\hpmldm01.cat
[2010/09/01 16:21:28 | 000,218,798 | ---- | C] () -- C:\Program Files\hpmews01.cat
[2010/09/01 16:21:28 | 000,218,335 | ---- | C] () -- C:\Program Files\hpzid4vp.cat
[2010/09/01 16:21:28 | 000,217,874 | ---- | C] () -- C:\Program Files\hpzist13.cat
[2010/09/01 16:21:28 | 000,217,874 | ---- | C] () -- C:\Program Files\hpzipr13.cat
[2010/09/01 16:21:28 | 000,217,874 | ---- | C] () -- C:\Program Files\hpzid413.cat
[2010/09/01 16:21:28 | 000,217,411 | ---- | C] () -- C:\Program Files\hppfaxnd.cat
[2010/09/01 16:21:28 | 000,217,409 | ---- | C] () -- C:\Program Files\hppscnd.cat
[2010/09/01 16:21:28 | 000,217,409 | ---- | C] () -- C:\Program Files\hppewnd.cat
[2010/08/25 08:22:56 | 000,079,272 | ---- | C] () -- C:\Program Files\hpcu107c.inf
[2010/08/21 22:49:10 | 000,905,728 | ---- | C] () -- C:\Windows\System32\Pano12.dll
[2010/08/17 13:51:38 | 000,006,385 | ---- | C] () -- C:\Program Files\p6i2trww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2viww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2ukww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2thww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2srww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2slww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2skww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2roww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2lvww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2ltww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2kkww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2idww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2hrww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2etww.cab
[2010/08/17 13:51:38 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2bgww.cab
[2010/08/17 13:51:38 | 000,005,845 | ---- | C] () -- C:\Program Files\p6i2esww.cab
[2010/08/17 13:51:38 | 000,005,795 | ---- | C] () -- C:\Program Files\p6i2svww.cab
[2010/08/17 13:51:36 | 012,600,667 | ---- | C] () -- C:\Program Files\hpcu107c.cab
[2010/08/17 13:51:36 | 000,006,923 | ---- | C] () -- C:\Program Files\p6i2deww.cab
[2010/08/17 13:51:36 | 000,006,829 | ---- | C] () -- C:\Program Files\p6i2frww.cab
[2010/08/17 13:51:36 | 000,006,815 | ---- | C] () -- C:\Program Files\p6i2plww.cab
[2010/08/17 13:51:36 | 000,006,729 | ---- | C] () -- C:\Program Files\p6i2csww.cab
[2010/08/17 13:51:36 | 000,006,675 | ---- | C] () -- C:\Program Files\p6i2huww.cab
[2010/08/17 13:51:36 | 000,006,461 | ---- | C] () -- C:\Program Files\p6i2ptww.cab
[2010/08/17 13:51:36 | 000,006,055 | ---- | C] () -- C:\Program Files\p6i2nlww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2noww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2heww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2fiww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2enww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2elww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2daww.cab
[2010/08/17 13:51:36 | 000,006,049 | ---- | C] () -- C:\Program Files\p6i2arww.cab
[2010/08/17 13:51:36 | 000,005,919 | ---- | C] () -- C:\Program Files\p6i2ruww.cab
[2010/08/17 13:51:36 | 000,005,903 | ---- | C] () -- C:\Program Files\p6i2itww.cab
[2010/08/17 13:51:36 | 000,005,845 | ---- | C] () -- C:\Program Files\p6i2caww.cab
[2010/08/17 13:51:36 | 000,005,673 | ---- | C] () -- C:\Program Files\p6i2jaww.cab
[2010/08/17 13:51:36 | 000,005,321 | ---- | C] () -- C:\Program Files\p6i2koww.cab
[2010/08/17 13:51:36 | 000,004,943 | ---- | C] () -- C:\Program Files\P6i2zhcn.cab
[2010/08/17 13:51:36 | 000,004,365 | ---- | C] () -- C:\Program Files\p6i2zhtw.cab
[2010/08/07 14:51:34 | 000,219,819 | ---- | C] () -- C:\Program Files\hpcpu107.cfg
[2010/08/07 14:51:00 | 000,005,740 | ---- | C] () -- C:\Program Files\hppldcoi.config
[2010/08/07 14:51:00 | 000,001,165 | ---- | C] () -- C:\Program Files\hpmprein.config
[2010/07/28 20:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/07/28 20:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/07/28 20:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/07/27 22:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/06/28 12:40:09 | 000,172,226 | ---- | C] () -- C:\Windows\hppins08.dat.temp
[2010/06/28 12:40:09 | 000,001,116 | ---- | C] () -- C:\Windows\hppmdl08.dat.temp
[2010/05/17 10:19:48 | 000,003,449 | ---- | C] () -- C:\Program Files\hpmldm01.inf
[2010/03/30 13:57:48 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2010/03/30 13:57:48 | 000,000,186 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2010/03/30 13:56:02 | 000,000,392 | ---- | C] () -- C:\Windows\hpbvspst.ini
[2010/03/30 13:54:11 | 000,172,126 | ---- | C] () -- C:\Windows\System32\hppins08.dat
[2010/03/30 13:54:11 | 000,164,778 | ---- | C] () -- C:\Windows\hppins08.dat
[2010/03/30 13:54:11 | 000,001,116 | ---- | C] () -- C:\Windows\hppmdl08.dat
[2010/03/30 13:53:27 | 000,000,685 | ---- | C] () -- C:\Windows\System32\hppapr08.dat
[2010/03/03 16:23:08 | 000,235,620 | ---- | C] () -- C:\Program Files\hpzius13.inf
[2010/03/03 16:23:08 | 000,198,448 | ---- | C] () -- C:\Program Files\hpzid413.inf
[2010/03/03 16:23:08 | 000,083,790 | ---- | C] () -- C:\Program Files\hpzipr13.inf
[2010/03/02 16:52:04 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/02 15:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\atlw32.dll
[2010/03/02 15:43:55 | 000,000,344 | ---- | C] () -- C:\Windows\sesam.ini
[2010/03/02 09:00:40 | 000,051,428 | ---- | C] () -- C:\Program Files\hpzid4vp.inf
[2010/03/02 09:00:38 | 000,162,112 | ---- | C] () -- C:\Program Files\hpzipa13.inf
[2010/03/02 09:00:38 | 000,006,066 | ---- | C] () -- C:\Program Files\hpzist13.inf
[2010/02/26 10:28:38 | 000,072,704 | ---- | C] () -- C:\Users\Svetlana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/25 22:53:00 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/02/25 20:20:18 | 003,210,240 | ---- | C] () -- C:\Program Files\hpbcfgre.dll
[2010/02/21 03:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/12/15 01:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/11/30 11:22:12 | 000,003,212 | ---- | C] () -- C:\Program Files\hppscnd.inf
[2009/09/28 14:39:16 | 000,002,175 | ---- | C] () -- C:\Program Files\hppfaxnd.inf
[2009/09/28 14:37:52 | 000,001,134 | ---- | C] () -- C:\Program Files\hppewnd.inf
[2009/09/10 10:13:38 | 000,007,610 | ---- | C] () -- C:\Program Files\hpmews01.inf
[2009/08/16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/14 09:39:49 | 000,695,004 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/07/14 09:39:49 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/07/14 09:39:49 | 000,127,684 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/07/14 09:39:49 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,350,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/29 14:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/29 14:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/25 18:59:02 | 000,000,665 | ---- | C] () -- C:\Program Files\hpmldm01.dat
[2009/02/25 18:59:02 | 000,000,526 | ---- | C] () -- C:\Program Files\hpmews01.dat
[2008/10/06 13:11:34 | 000,002,280 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001/07/07 03:00:00 | 000,003,279 | ---- | C] () -- C:\Windows\System32\HPTCPMON.INI

========== LOP Check ==========

[2011/02/10 22:57:39 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\DAEMON Tools Lite
[2011/11/02 10:55:32 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Dropbox
[2010/06/21 02:08:37 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Facebook
[2011/10/17 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\FileZilla
[2010/03/19 08:01:12 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\FreeVideoConverter
[2010/02/26 18:27:06 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Nokia
[2010/02/26 18:27:07 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Nokia Ovi Suite
[2010/02/19 08:09:41 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\OpenOffice.org
[2010/02/26 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\PC Suite
[2010/03/19 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\PhotoFiltre
[2010/08/21 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\PTAssembler
[2010/12/29 19:29:10 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Toshiba
[2011/10/23 17:30:42 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\uTorrent
[2010/05/17 22:24:42 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Win7codecs
[2010/03/30 12:04:38 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\WinBatch
[2010/10/27 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\Svetlana\AppData\Roaming\Windows Live Writer
[2011/08/06 10:40:42 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/06/02 02:40:41 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/06/02 02:40:41 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
galaktika

Posts: 6
Joined: 02 Nov 2011, 16:07

Re: Infected PC, request for review of scan reports

Post by galaktika » 02 Nov 2011, 19:25

The Extras.txt report

OTL Extras logfile created on: 02/11/2011 16:59:31 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Svetlana\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,84 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 59,86% Memory free
5,68 Gb Paging File | 4,17 Gb Available in Paging File | 73,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 17,05 Gb Free Space | 11,31% Space Free | Partition Type: NTFS
Drive E: | 145,97 Gb Total Space | 15,06 Gb Free Space | 10,32% Space Free | Partition Type: NTFS

Computer Name: SVETLANA2 | User Name: Svetlana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11B0F8D4-FD80-4800-ABA8-50D28FF769AF}" = e-Carte Bleue La Banque Postale
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{19DAF1F5-CDB8-448D-8E77-A69BE699F20F}" = Internet Mobile 3G+ Bouygues Telecom
"{1B10BB48-3697-4C87-B0BC-23FAC6130199}" = hppFaxDrvM1522
"{1F15B51B-0622-486A-A751-6D4EDD56842A}" = hppusgM1522
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{367B281B-82DC-4D37-9757-74FA350A7D20}" = hppLaserJetService
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DD85535-A50D-4A48-BF60-2BB36FDF3773}" = hppScanTo
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DD734FE-F0D6-4B15-BD77-A4EADBA04DEA}" = hppLJM1522
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86BBD345-0CE6-4AB1-8ADE-FB12D86EAB90}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A800EE5E-D6BD-4326-BED1-F7ECBFBF91CE}" = O2Micro Flash Memory Card Reader Driver (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A9D5A0-0827-49C2-A903-513045AE15D3}" = hppSendFaxM1522
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9A5BCC2-6B60-463F-ACC3-7788B790B82B}" = hpzTLBXFX
"{BF41B595-62E3-407A-BE1F-267A2AF6CB4C}" = hppTLBXFXM1522
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A37F1F-E13B-48ae-93F8-4669264969F9}" = HP LaserJet M1522 MFP Series 4.2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1D14E56-E344-493F-AA72-CBA4C9F4CF1C}" = hppFaxUtility
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D8AC1EB5-E8B0-44A0-B113-899407188A2F}" = hppFonts
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E352D262-66C1-4669-9522-8B57AA5AE201}" = hppManualsM1522
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact
[...]

Re: Infected PC, request for review of scan reports

Post by galaktika » 02 Nov 2011, 19:26

Extras.txt report, continued

Edition [ENU]
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B Scientific Skull" = 3B Scientific Skull
"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"84BA15BD1DFEAA8A233F801B29BDC48DEE17B71F" = Package de pilotes Windows - Chicony (usbvideo) Image (05/12/2009 6.3.251.0512)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"conduitEngine" = Conduit Engine
"DivX Setup" = Configuration DivX
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.5.1
"FormatFactory" = FormatFactory 2.60
"FpTest" = FpTest 3.2
"Freeplayer" = Freeplayer
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Logicmax 9.46" = 968
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia Ovi Suite" = Nokia Ovi Suite
"Picasa 3" = Picasa 3
"PTAssembler_is1" = PTAssembler
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealAlt_is1" = Real Alternative 1.9.0
"ScanManager_is1" = ScanManager
"Softonic_France_FF Toolbar" = Softonic France FF Toolbar
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.4
"WinLiveSuite" = Windows Live
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"PhotoFiltre" = PhotoFiltre
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Infected PC, request for review of scan reports

Post by galaktika » 02 Nov 2011, 19:30

Thanking you in advance for the time spent on this review,
is there any cleanup to do? (I also come with 2 hard disks of 150G each that are almost full; I know I need to sort them and offload them a bit)
See you soon,
regards,
galaktika

Re: Infected PC, request for review of scan reports

Post by nickW » 04 Nov 2011, 01:58

Good evening,


Did you note what was written on the "blue screen" in question?


First cleanup steps:

Step 1: No integrity-monitoring process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Quitter Résident de Spybot-S&D".
Launch Spybot-S&D, go to Mode avancé, Outils, Résident, and untick the box in front of Résident "TeaTimer". Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the PC cleanup is finished (I will tell you when and how to do it).


Step 2: Defogger (by jpshortstuff), download
Download Defogger from http://www.jpshortstuff.247fixes.com/Defogger.exe
Save the file to the Desktop.


Step 3: Defogger (by jpshortstuff), disabling CD emulators
Launch Defogger by double-clicking Defogger.exe

Close all open program windows other than Defogger (browser, word processor, etc.): the PC is going to restart.

The Defogger screen appears.

Click Disable to disable the CD emulator drivers.

Click Yes/Oui to continue.

When the message Finished! appears, click OK.

Defogger announces that the PC is going to restart; click OK.


Step 4: Uninstallation
Start-->Control Panel-->Programs-->Programs and Features
Select (if found) Conduit Engine, then click Uninstall
Select (if found) Softonic France FF Toolbar, then click Uninstall

In Firefox, disable the Add-Art extension, which is shown as "non compatible avec Firefox 7.0.1".
https://addons.mozilla.org/en-US/firefox/addon/add-art/


Step 5: No real-time monitoring process
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable"


Step 6: OTL (by OldTimer), fix

Right-click OTL.exe and choose "Exécuter en tant qu'Administrateur" to launch the tool.

The main OTL screen appears.

Select all the lines below that lie between the two ------- lines (which must not be selected), then press the Ctrl and C keys together.
Important note: do not forget to select the colon character at the start of the first line.

-----------------------------------------------------

:otl
IE - HKLM\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2207610
IE - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic France FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2207610&SearchSource=3&q={searchTerms}"
[2010/11/02 15:56:20 | 000,000,939 | ---- | M] () -- C:\Users\Svetlana\AppData\Roaming\Mozilla\Firefox\Profiles\ug92vej5.default\searchplugins\conduit.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\..\Toolbar\WebBrowser: (Softonic France FF Toolbar) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)

:Files
C:\Program Files\Softonic_France_FF\
C:\Program Files\ConduitEngine\

:Commands
[emptytemp]



-----------------------------------------------------

Note: The lines in the Code area above were created exclusively for THIS user: galaktika.
If you are not THIS user, do not use them: they could damage your system.


Go back to the OTL window, right-click in the white area under "Personnalisation" and choose Paste (the lines selected above must appear in the "Personnalisation" area).

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Correction button.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Click Ok, then close OTL.


Step 7: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 8: OTL (by OldTimer), quick scan
Close all open program windows.

Right-click OTL.exe and choose "Exécuter en tant qu'Administrateur" to launch the tool.

The main OTL screen appears.

Click the Analyse rapide button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 9: Results
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report sent to the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
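
An added example, not part of nickW's post and not OTL's own code: a small Python check that groups the registry-hook lines of the fix block by CLSID and vendor, and shows that the lower-case and upper-case spellings of the Softonic CLSID refer to the same component. The line layout is assumed from the lines quoted in this thread, the function names are the example's own, and the last sample line is constructed.

```python
import ntpath
import re
from collections import defaultdict

# Entry layout assumed from the fix block in this thread:
#   <kind>: [(name) - ]{CLSID} - <dll path> (<vendor>)
ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?:\((?P<name>[^)]*)\) - )?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+?) \((?P<vendor>[^()]*)\)\s*$"
)

# Five lines copied from the thread, plus one constructed line (last) as a non-match.
SAMPLE = r"""
IE - HKLM\..\URLSearchHook: {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic France FF Toolbar) - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1242965286-1668507305-2706088939-1001\..\Toolbar\WebBrowser: (Softonic France FF Toolbar) - {6D6B212B-2245-4898-8B16-9A11B81FF9E1} - C:\Program Files\Softonic_France_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Constructed Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp.)
"""


def parse_entries(text):
    """Return one dict per registry-hook line; CLSIDs are upper-cased."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # GUID text is case-insensitive
            entries.append(entry)
    return entries


def components_by_vendor(entries, vendor):
    """Map CLSID -> DLL path and the report sections (IE/O2/O3) that load it."""
    found = defaultdict(lambda: {"dll": None, "sections": set()})
    for e in entries:
        if e["vendor"].casefold() == vendor.casefold():
            found[e["clsid"]]["dll"] = e["path"]
            found[e["clsid"]]["sections"].add(e["kind"].split(" - ")[0])
    return dict(found)


def install_dirs(components):
    """Parent folders of the DLLs: the candidates for a :Files section."""
    return sorted({ntpath.dirname(c["dll"]) for c in components.values()})
```

Calling `install_dirs(components_by_vendor(parse_entries(SAMPLE), "Conduit Ltd."))` returns the same two folders that appear under `:Files` in the fix block.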

