Sujet Précédent Sujet Suivant

Virus police nationale

Résolu/Fermé
bxlucky - Modifié par bxlucky le 26/04/2012 à 21:33
mxzone Messages postés 2 Date d'inscription mercredi 9 mai 2012 Statut Membre Dernière intervention 9 mai 2012 - 9 mai 2012 à 13:25
Bonjour,



j ai chopé hier soir un virus police notionale sacem sur mon portable qui est sous vista, je n ai plus d acces a windows ni en normal ni en mode sans echec. Quelqu un peu t il me venir en aide.

merci
bxlucky
A voir également:

35 réponses

  • 1
  • 2
Réponse 1 / 35
Utilisateur anonyme
26 avril 2012 à 21:35
Bonsoir

Il va falloir proceder à partir d'un LiveCD

Télécharge OTLPE sur le bureau.
Prépare un CD vierge
Utilise un logiciel de gravure dont tu disposes.
Ou celui-ci Cdburner
Attention il s'agit de graver une imageISO
Note : Le CD gravé, il faut maintenant redémarrer la machine sur le lecteur CDROM
Pour se faire suivre ce lien : Booter sur un CD
Tuto OTLPE

Tu lances l'iso d'OTLPE que tu as gravé.
Tu choisis le lecteur ou est installé ton système d'exploitation (par défaut C)
Et ensuite Windows
* une fois le bureau de reatogo chargé , tu lances OTLPE , l'icône jaune

* Double-clique sur l'icone OTLPE
* quand demandé "Do you wish to load the remote registry", select Yes
* Tu choisis ta session
* Sous Vista et Seven il faut développer l'arborescence du lecteur C qui par défaut embarque Windows et arriver sur le dossier Windows.
Rappel :Tutorial ici : https://forum.malekal.com/viewtopic.php?t=23453&start=
Ensuite
* sous Custom Scan box
1) copie_colle le contenu du cadre ci dessous:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
disk.sys
ndis.sys
mountmgr.sys
aec.sys
rasacd.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
explorer.exe
winlogon.exe
wininit.exe
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* copie colle ce texte dans un fichier texte|bloc note que tu enregistres sur clé usb que tu brancheras sous reatogo tu pourras alors facilement le copier\coller.

* 2) Clic Run Scan pour démarrer le scan.
* Une fois terminé , le fichier se trouve là C:\OTL.txt
* Copie_colle le contenu dans ta prochaine réponse.


@+
0
Réponse 2 / 35
bxlucky
26 avril 2012 à 22:17
merci pour ta reponse, je vais voir ca demain a tete repose, je te tiens au courant
0
Utilisateur anonyme
26 avril 2012 à 22:33
Re

Ok ;bonne nuit et à demain
0
Réponse 3 / 35
bxlucky
27 avril 2012 à 18:40
bonsoir,

j'ai fait comme tu m a dit et j ai fait le scan, maintenant j ai un petit souci pour recuper le otl.txt, je n arrive plus a ouvrir le port usb avec reatogo, bien qu il me la reconnaisse en bas, je sais pas si je dois sortir et relancer.
0
Réponse 4 / 35
bxlucky
Modifié par bxlucky le 27/04/2012 à 19:35
c bon j'ai reussi a recuperer le raport

OTL logfile created on: 4/27/2012 6:38:54 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16982)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 23.60 Gb Free Space | 33.82% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 46.51 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - File not found [Auto] -- -- (symndis)
SRV - [2012/03/23 13:49:20 | 000,077,824 | ---- | M] () [Auto] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL -- (SPService)
SRV - [2012/03/07 15:30:56 | 000,030,720 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto] -- C:\Windows\TEMP\htmijn\setup.exe -- (AMService)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2007/09/14 09:32:46 | 000,167,936 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/08/10 04:11:32 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/22 09:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/10 08:05:36 | 000,024,576 | ---- | M] () [Auto] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/04/25 10:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/21 08:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/14 04:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 01:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/24 06:57:54 | 000,107,008 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/21 00:34:00 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/11/21 00:34:00 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique)
SRV - [2006/11/21 00:33:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/21 00:33:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/21 00:33:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/21 00:32:22 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/21 00:31:30 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/21 00:30:48 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/11/02 05:45:47 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\Pcatip.dll -- (tap0901)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/04/27 01:37:52 | 000,068,096 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2007/08/10 04:13:29 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/02 10:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/06/18 06:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 22:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/29 18:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel(R)
DRV - [2007/03/21 16:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 04:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/02/24 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/30 01:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/23 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/07 13:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 00:34:46 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/21 00:34:46 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/21 00:34:46 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/21 00:34:40 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/21 00:32:56 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/21 00:32:54 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/21 00:32:52 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/21 00:30:58 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/02 11:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel(R)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.acer.com/worldwide/selection.html [binary data]
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.fr.yahoo.com/
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\bruno_ON_C\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\bruno_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\bruno_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\bruno_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\bruno_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\.DEFAULT..\Run: [QJa8hs7QNbxt4uL] C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O4 - HKU\bruno_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\bruno_ON_C..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\bruno_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\bruno_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bruno_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\.DEFAULT Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\bruno_ON_C Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\bruno_ON_C Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - Winlogon\Notify\lkapoer: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\lkapoer.dll - C:\Windows\System32\config\systemprofile\AppData\Local\lkapoer.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6b665650-5d7d-11e1-aa19-cf5f861a9c37}\Shell\AutoRun\command - "" = RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: tap0901 - C:\Windows\System32\Pcatip.dll (Oak Technology Inc.)
NetSvcs: foldersize - File not found
NetSvcs: PCDCODEC - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {tlMe4VA9-8LXI-r4nq-LmM7-2PRL0gJFErMy} -
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2008/01/03 07:21:09 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008/01/03 05:47:36 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/01/03 05:47:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/10 10:40:58 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007/08/10 03:29:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2012/04/27 11:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 01:37:52 | 000,068,096 | ---- | M] () -- C:\Windows\System32\drivers\tdx.sys
[2012/04/26 15:55:00 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/26 15:42:31 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:42:31 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 14:24:36 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/04/26 13:59:35 | 000,689,846 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/04/26 13:59:35 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/26 13:59:35 | 000,116,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/04/26 13:59:35 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/25 15:10:35 | 000,182,784 | ---- | M] () -- C:\Users\bruno\AppData\Roaming\ram_reserver64.exe
[2012/04/25 15:05:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{084DB03B-B2F6-4B43-8C0E-E5AEC842B1BC}.job
[2012/04/21 12:00:22 | 000,247,808 | ---- | M] () -- C:\Users\bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 12:09:36 | 733,828,026 | ---- | M] () -- C:\Users\bruno\Desktop\2011 - L.Ours.Montagne.avi
[2012/04/07 06:31:42 | 731,955,200 | ---- | M] () -- C:\Users\bruno\Desktop\2011 - la dame de fer.avi
[2012/03/28 19:21:50 | 1466,028,363 | ---- | M] () -- C:\Users\bruno\Desktop\2011 - Les.Lyonnais.avi

[color=#E56717]========== Files Created - No Company Name ==========/color

[2012/04/25 15:35:51 | 000,182,784 | ---- | C] () -- C:\Users\bruno\AppData\Roaming\ram_reserver64.exe
[2012/04/17 14:04:26 | 1466,028,363 | ---- | C] () -- C:\Users\bruno\Desktop\2011 - Les.Lyonnais.avi
[2012/04/17 14:03:37 | 731,955,200 | ---- | C] () -- C:\Users\bruno\Desktop\2011 - la dame de fer.avi
[2012/04/17 14:02:50 | 733,828,026 | ---- | C] () -- C:\Users\bruno\Desktop\2011 - L.Ours.Montagne.avi
[2012/04/07 12:08:10 | 1465,561,088 | ---- | C] () -- C:\Users\bruno\Desktop\The.Aventures.Of.Tintin.2011.FRENCH.DVDRip.XviD.AC3-FwD.avi
[2012/02/25 07:16:37 | 000,000,473 | ---- | C] () -- C:\Windows\BettingMarketAnalytics.ini
[2010/08/22 08:52:05 | 000,000,074 | ---- | C] () -- C:\Users\bruno\AppData\Roaming\default.pls
[2008/06/21 02:39:43 | 000,000,680 | ---- | C] () -- C:\Users\bruno\AppData\Local\d3d9caps.dat
[2008/01/03 15:41:23 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/01/03 15:41:12 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/01/03 14:36:57 | 000,247,808 | ---- | C] () -- C:\Users\bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 07:21:09 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/01/03 05:47:36 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008/01/03 05:47:36 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008/01/03 05:47:36 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008/01/03 05:47:36 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2007/11/29 18:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 17:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/10 14:04:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/10 10:42:39 | 000,000,120 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/08/10 10:41:15 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/10 10:41:15 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/10 10:41:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/08/10 10:40:58 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/08/10 10:40:58 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/08/10 03:39:09 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/10 03:30:08 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/10 03:30:08 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/10 03:28:59 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/10 02:37:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/04/25 10:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 10:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 10:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 10:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 10:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 10:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 09:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/12 23:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 11:48:33 | 000,689,846 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 11:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 11:48:33 | 000,116,988 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 11:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,379,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,532 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:57:35 | 000,068,096 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[color=#E56717]========== LOP Check ==========/color

[2008/08/30 10:36:02 | 000,000,000 | ---D | M] -- C:\Users\bruno\AppData\Roaming\Gamelab
[2010/05/29 14:09:33 | 000,000,000 | ---D | M] -- C:\Users\bruno\AppData\Roaming\GetRightToGo
[2008/08/30 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\bruno\AppData\Roaming\Spandex Force
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/30 09:01:01 | 000,000,000 | ---D | M] -- C:\ProgramData\FarmFrenzy2
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/07/06 05:18:51 | 000,000,000 | ---D | M] -- C:\ProgramData\FreshGames
[2008/12/13 04:56:02 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2008/09/13 07:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/13 08:55:31 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/07/06 05:15:38 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualFarm
[2007/08/10 03:59:44 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/04/26 15:03:46 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/25 15:05:28 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{084DB03B-B2F6-4B43-8C0E-E5AEC842B1BC}.job

[color=#E56717]========== Purity Check ==========/color



[color=#E56717]========== Custom Scans ==========/color


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color
[2005/08/16 03:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


[color=#A23BEC]< MD5 for: AGP440.SYS >/color
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >/color
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/08/30 06:56:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/08/30 06:56:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/08/30 06:56:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/08/30 06:56:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >/color
[2008/01/19 01:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006/11/02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006/11/02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >/color
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: DISK.SYS >/color
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\drivers\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

[color=#A23BEC]< MD5 for: ENETHOOK.DLL >/color
[2007/05/22 09:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007/05/22 09:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Windows\System32\eNetHook.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/05 03:16:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/05 03:16:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >/color
[2006/12/21 23:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c5f2dca\iaStor.sys
[2006/12/21 23:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4b499ec9\iaStor.sys
[2007/04/25 00:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Acer\Robson\WINALL\DRIVER\IASTOR.SYS
[2007/04/25 00:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007/04/25 00:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Acer\Robson\WINALL\DRIVER64\IASTOR.SYS
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IASTOR.SYS
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 07:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IASTOR.SYS

[color=#A23BEC]< MD5 for: IASTORV.SYS >/color
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >/color
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\System32\drivers\mountmgr.sys
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6000.16386_none_f06162ca0a1ab2c0\mountmgr.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) MD5=BDAFC88AA6B92F7842416EA6A48E1600 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys

[color=#A23BEC]< MD5 for: MRXSMB.SYS >/color
[2010/02/23 07:16:50 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=1F0DAA8676E0B3D00C2EC1F82B140A1C -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22346_none_81dc4772677c5da2\mrxsmb.sys
[2010/02/23 07:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=454341E652BDF5E01B0F2140232B073E -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18213_none_8170198d4e491e00\mrxsmb.sys
[2008/01/03 07:34:14 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=529B64F9735D27FEF1B8EA1678F8C79E -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16586_none_7d5aaf055432589d\mrxsmb.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=7AFC42E60432FD1014F5342F2B1B1F74 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18431_none_7f7205535134d0e9\mrxsmb.sys
[2010/02/23 09:14:41 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=8AF705CE1BB907932157FAB821170F27 -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 09:14:41 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=8AF705CE1BB907932157FAB821170F27 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e\mrxsmb.sys
[2010/02/23 07:30:49 | 000,102,912 | ---- | M] (Microsoft Corporation) MD5=BBB0D31B477CFF3B4F737ED0367F635F -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21230_none_7e143b506d2cf9ad\mrxsmb.sys
[2008/01/19 01:28:36 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C4AD205530888404E2B5FC8D9319B119 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18000_none_7f916d35511d6f23\mrxsmb.sys
[2010/02/23 07:30:23 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=D92DB980E8F791286750127C8E371A7D -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22641_none_7ff0d4186a5a89cb\mrxsmb.sys
[2008/01/03 07:34:14 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=DC5632CBC8A3D02CE1114DEBB64B7037 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.20709_none_7e3dcdf46d0c620b\mrxsmb.sys
[2006/11/02 04:31:21 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=FCA7563D87F71C6DB0182CA67CC19AA7 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16386_none_7d5aab3954325e4f\mrxsmb.sys

[color=#A23BEC]< MD5 for: MRXSMB10.SYS >/color
[2008/12/06 05:49:48 | 000,212,480 | ---- | M] (Microsoft Corporation) MD5=0883E1ADA541F4201ECAF63C29F2DCAC -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys
[2008/12/06 05:49:48 | 000,212,480 | ---- | M] (Microsoft Corporation) MD5=0A986B34F1678A2697574D7B1664E2DD -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys
[2010/02/23 07:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=2A4901AFF069944FA945ED5BBF4DCDE3 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8a8337e1489a5c62\mrxsmb10.sys
[2008/12/06 05:49:48 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=2BBD3970018270D2C6A0B069F568154E -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys
[2010/02/23 07:16:58 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=32E743994055D8D4729E2F2E0EF4758D -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8aef65c661cd9c04\mrxsmb10.sys
[2010/02/23 09:14:51 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=47E13AB23371BE3279EEF22BBFA2C1BE -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 09:14:51 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=47E13AB23371BE3279EEF22BBFA2C1BE -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.17025_none_86ad8c514e53fde0\mrxsmb10.sys
[2010/02/23 07:30:28 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=581305791239FAC6B5B4225AB0C7A7E4 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8903f26c64abc82d\mrxsmb10.sys
[2006/11/02 04:31:27 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=58A9AB5754FA4CABEDE7401283B5A771 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16386_none_866dc98d4e839cb1\mrxsmb10.sys
[2008/01/19 01:28:42 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=67E55CED3FC143C82A8197988BFC1F9A -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18000_none_88a48b894b6ead85\mrxsmb10.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=8A75752AE17924F65452746674B14B78 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18431_none_888523a74b860f4b\mrxsmb10.sys
[2010/02/23 07:30:59 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=A6130566AC4178473B5DAC8F8F74407D -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21230_none_872759a4677e380f\mrxsmb10.sys
[2008/12/06 05:49:48 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=F813456C00B904DC3B6558CAD7B13BBA -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys

[color=#A23BEC]< MD5 for: MRXSMB20.SYS >/color
[2010/02/23 07:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=28B3F1AB44BDD4432C041581412F17D9 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8cb9a1f386f18fd3\mrxsmb20.sys
[2008/01/03 07:34:14 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=30A67C7D8B80281028916DED6A64AEC9 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16586_none_88a4376b8cdaca70\mrxsmb20.sys
[2008/01/19 01:28:37 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=3268B8C3FA92BFC086355C39B45E9CC9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18000_none_8adaf59b89c5e0f6\mrxsmb20.sys
[2010/02/23 07:30:53 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=3D475E770D3AB2D0C5E3E1386871F9DA -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21230_none_895dc3b6a5d56b80\mrxsmb20.sys
[2008/01/03 07:34:14 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=5334E68E89628A117255B936B204977F -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.20709_none_8987565aa5b4d3de\mrxsmb20.sys
[2006/11/02 04:31:17 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=79B09504E4A790104683722CD04F76B4 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16386_none_88a4339f8cdad022\mrxsmb20.sys
[2010/02/23 09:14:42 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=90B3FC7BD6B3D7EE7635DEBBA2187F66 -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/23 09:14:42 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=90B3FC7BD6B3D7EE7635DEBBA2187F66 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.17025_none_88e3f6638cab3151\mrxsmb20.sys
[2010/02/23 07:16:50 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=98A085E296A9BA865CAE56C1BCB1A0F6 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8d25cfd8a024cf75\mrxsmb20.sys
[2010/02/23 07:30:23 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=A4BD317F6D6AD2B3A1FF81DC063748D4 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8b3a5c7ea302fb9e\mrxsmb20.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=F4D0F3252E651F02BE64984FFA738394 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18431_none_8abb8db989dd42bc\mrxsmb20.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >/color
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >/color
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >/color
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[color=#A23BEC]< MD5 for: RASACD.SYS >/color
[2008/01/19 01:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
[2006/11/02 04:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\System32\drivers\rasacd.sys
[2006/11/02 04:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasacd.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >/color
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[color=#A23BEC]< MD5 for: STORPORT.SYS >/color
[2008/01/19 03:43:12 | 000,123,960 | ---- | M] (Microsoft Corporation) MD5=39AD2C7B9C05C1CCD12480890DBA4EB5 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-storport_31bf3856ad364e35_6.0.6001.18000_none_277c4ea9302ee5d3\Storport.sys
[2006/11/02 05:50:47 | 000,117,864 | ---- | M] (Microsoft Corporation) MD5=ED386E31D263448B2ED36D4839F2CA04 -- C:\Windows\System32\drivers\Storport.sys
[2006/11/02 05:50:47 | 000,117,864 | ---- | M] (Microsoft Corporation) MD5=ED386E31D263448B2ED36D4839F2CA04 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.0.6000.16386_none_25458cad3343d4ff\Storport.sys

[color=#A23BEC]< MD5 for: TERMDD.SYS >/color
[2006/11/02 05:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=2C549BD9DD091FBFAA0A2A48E82EC2FB -- C:\Windows\System32\drivers\termdd.sys
[2006/11/02 05:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=2C549BD9DD091FBFAA0A2A48E82EC2FB -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\termdd.sys
[2008/01/19 03:42:19 | 000,054,328 | ---- | M] (Microsoft Corporation) MD5=A048056F5E1A96A9BF3071B91741A5AA -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\termdd.sys

[color=#A23BEC]< MD5 for: WIN32K.SYS >/color
[2007/08/10 02:57:34 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=00D35636A02BB4529A707FA4E0B7F957 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20537_none_b77d6655b68fe37f\win32k.sys
[2008/08/30 06:52:44 | 002,028,544 | ---- | M] (Microsoft Corporation) MD5=0FB1E39EE209B26B70A8C1E1A56D38DF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
[2009/04/21 07:55:06 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=13D686DF9652E7A397B2C3DA89881C34 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
[2009/08/14 09:53:16 | 002,035,712 | ---- | M] (Microsoft Corporation) MD5=18406CE410C1A4394FE1A8246D10567F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
[2009/08/14 09:29:56 | 002,045,440 | ---- | M] (Microsoft Corporation) MD5=26AC4A647E67C7A7064309CBF1AAE3AC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
[2009/02/08 22:54:45 | 002,033,664 | ---- | M] (Microsoft Corporation) MD5=33180D19BCCBF9CB6B96CE03BB613FD4 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
[2006/11/02 04:39:12 | 002,026,496 | ---- | M] (
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 35
bxlucky
27 avril 2012 à 19:40
la suite

C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
[2006/11/02 04:39:12 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=47754A68CC02A84DBD8413396368D963 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16386_none_b6bcb7be9d9bb8ec\win32k.sys
[2008/12/06 05:48:58 | 002,029,568 | ---- | M] (Microsoft Corporation) MD5=541DF3F03A378BDD96A917A4CB8C71A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\win32k.sys
[2008/08/30 06:52:43 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=5B1E0409A9A6C415543732F21B2B7CC6 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
[2009/02/08 23:10:34 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=5CAE6E4513342909C7FDA4F83D85E958 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18211_none_b8e9ade49a8df956\win32k.sys
[2009/04/21 07:55:42 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=633B5887DC689EB3ECF2F0994F506F40 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
[2008/01/19 01:37:02 | 002,031,616 | ---- | M] (Microsoft Corporation) MD5=664FCB81B53ECC5A1ACB325D50EB11C0 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18000_none_b8f379ba9a86c9c0\win32k.sys
[2009/02/08 21:54:23 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=6730B1581BBE610596C322465229D8A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21006_none_b79cb589b6789e33\win32k.sys
[2009/02/08 21:59:26 | 002,028,032 | ---- | M] (Microsoft Corporation) MD5=68D3921F210FC146876B7815DF5BCC41 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16816_none_b70870b09d62e718\win32k.sys
[2008/08/30 06:52:44 | 002,027,008 | ---- | M] (Microsoft Corporation) MD5=6FF39E07708091C05FC748DB2DE833EA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
[2007/08/10 02:57:34 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=832313608F8B128EC715047CF27732CF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16438_none_b6f4c9d49d715d0c\win32k.sys
[2009/08/14 09:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) MD5=8705038245789561EE714D12CC3368CE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
[2008/12/06 05:48:57 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=8BE357305D4BBEC35DBBE7D5536EE8C9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\win32k.sys
[2008/08/30 06:52:44 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=8F2DA4DDC21250ABA9206352A1080299 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
[2008/12/06 05:48:58 | 002,032,640 | ---- | M] (Microsoft Corporation) MD5=9304DD0014438C06261994960E24418A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\win32k.sys
[2009/08/14 10:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) MD5=9352E049F234BFA756C840CD8BDF4FFE -- C:\Windows\System32\win32k.sys
[2009/08/14 10:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) MD5=9352E049F234BFA756C840CD8BDF4FFE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
[2009/04/21 07:39:47 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=A1696D4E327DB3FC815DAE837DC3D8B8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
[2008/12/06 05:48:58 | 002,027,520 | ---- | M] (Microsoft Corporation) MD5=A90760D6F915CBB28E7F240668881BDE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\win32k.sys
[2009/04/21 07:42:33 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=AB4D93D30AA6B51598ADAFB6AAAB5962 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
[2009/08/14 09:46:38 | 002,036,224 | ---- | M] (Microsoft Corporation) MD5=D4F9530BB031E0BAEDBE08B21BE52ADD -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
[2008/01/05 03:16:46 | 002,027,008 | ---- | M] (Microsoft Corporation) MD5=D5D8B98DF632E47185B36CD67AFAF42E -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16551_none_b6d829dc9d87e0b4\win32k.sys
[2009/04/21 09:26:36 | 002,034,176 | ---- | M] (Microsoft Corporation) MD5=D8882CAF965DCBDE4278C88842D0ACFE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
[2008/01/05 03:16:46 | 002,028,544 | ---- | M] (Microsoft Corporation) MD5=EB58A5AD90B05A75EE824635E150FA0B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20670_none_b74b2685b6b69f09\win32k.sys
[2009/04/21 08:04:30 | 002,028,032 | ---- | M] (Microsoft Corporation) MD5=F0F292B8E028D69ACF49A9A78FBE4B78 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
[2009/08/15 17:08:32 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=F140B984628DA0171AC67548A0515572 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys

[color=#A23BEC]< MD5 for: WININIT.EXE >/color
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >/color
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color
[2006/11/02 05:46:04 | 000,139,264 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\Windows\system32\fontext.dll
[2008/11/06 08:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\Windows\system32\shell32.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

[color=#A23BEC]< %systemroot%\System32\config\*.sav >/color
[2007/08/10 10:43:28 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/08/10 10:43:26 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/08/10 10:43:28 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/08/10 10:43:38 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/08/10 10:43:39 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

[color=#A23BEC]< CREATERESTOREPOINT >/color

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========/color
[C:\Windows\$NtUninstallKB32385$] -> -> Unknown point type

[color=#E56717]========== Alternate Data Streams ==========/color

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:E74DF3B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FF8F1AE3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:38849DE5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4F58D818
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BBAEBA91
< End of report >
0
Réponse 6 / 35
Utilisateur anonyme
27 avril 2012 à 20:51
Bonsoir

* Double-clique sur l'icone OTLPE
* quand demandé "Do you wish to load the remote registry", selectionne "Yes"
* quand demandé "Do you wish to load remote user profile(s) for scanning", selectionne "Yes"
* verifier que "Automatically Load All Remaining Users" est sélectionné et presse OK


http://imagesup.org/image

* sous Custom Scan box copie_colle le tout ci dessous et clic RUNFIX


:OTL
O4 - HKLM..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O4 - HKU\.DEFAULT..\Run: [QJa8hs7QNbxt4uL] C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O4 - HKU\bruno_ON_C..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKLM Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\.DEFAULT Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\bruno_ON_C Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\bruno_ON_C Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()


:Files
C:\Users\bruno\AppData\Roaming\ram_reserver64.exe
c:\windows\system32\config\systemprofile\appdata\roaming\ram_reserver64.exe



tu conserves le rapport qui s'affiche ; et tu le copies et colles dans ta prochaine réponse


@+
0
Réponse 7 / 35
kitty83 Messages postés 12 Date d'inscription mercredi 22 février 2012 Statut Membre Dernière intervention 30 avril 2012 2
27 avril 2012 à 20:54
Alors j'ai eu aussi ce virus et j'ai simplement supprimer ma session (si tu as 2 sessions biensure)
0
mxzone Messages postés 2 Date d'inscription mercredi 9 mai 2012 Statut Membre Dernière intervention 9 mai 2012
9 mai 2012 à 13:25
Hello Kitty (ahahaha)

Moi aussi j'ai deux sessions... donc tu as supprimé la tienne est tout est ok ? Pas d'infection parallèle sur l'autre profil après re-démarrage ?

Merci de ta réponse
0
Réponse 8 / 35
bxlucky
28 avril 2012 à 14:06
bonjour,

le rapport

:========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QJa8hs7QNbxt4uL deleted successfully.
C:\Users\bruno\AppData\Roaming\ram_reserver64.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\QJa8hs7QNbxt4uL deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe moved successfully.
Registry value HKEY_USERS\bruno_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\QJa8hs7QNbxt4uL deleted successfully.
File C:\Users\bruno\AppData\Roaming\ram_reserver64.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\bruno\AppData\Roaming\ram_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roaming\ram_reserver64.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\bruno\AppData\Roaming\ram_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roaming\ram_reserver64.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe not found.
Registry value HKEY_USERS\bruno_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\bruno\AppData\Roaming\ram_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roaming\ram_reserver64.exe not found.
Registry value HKEY_USERS\bruno_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\bruno\AppData\Roaming\ram_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roaming\ram_reserver64.exe not found.
========== FILES ==========
File\Folder C:\Users\bruno\AppData\Roaming\ram_reserver64.exe not found.
File\Folder c:\windows\system32\config\systemprofile\appdata\roaming\ram_reserver64.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 04282012_160122
0
Réponse 9 / 35
Utilisateur anonyme
28 avril 2012 à 14:08
Bonjour

Démarre ton PC normalement et dis moi si cela fonctionne.
Merci

@+
0
Réponse 10 / 35
bxlucky
28 avril 2012 à 14:20
donc la j ai recupere la barre d outil en bas mais j ai le bureau qui est tout noir
0
Réponse 11 / 35
Utilisateur anonyme
28 avril 2012 à 14:22
Re

[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy)
[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Cliquer sur Scan. Cliquer sur Rapport et copier coller le contenu du rapport

@+
0
Réponse 12 / 35
bxlucky
28 avril 2012 à 14:43
rapport

RogueKiller V7.3.3 [22/04/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur: bruno [Droits d'admin]
Mode: Recherche -- Date: 28/04/2012 16:34:59

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\TEMP\htmijn\setup.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 +++++
--- User ---
[MBR] 811e76da944838bce900feb144bdf687
[BSP] 7d49a6c1e563065849e287f0934e3071 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 71448 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166793216 | Size: 71184 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt
0
Réponse 13 / 35
Utilisateur anonyme
28 avril 2012 à 14:53
Re

Relance Roguekiller option suppression
Poste moi ce rapport
Merci

@+
0
Réponse 14 / 35
bxlucky
28 avril 2012 à 15:00
voila

RogueKiller V7.3.3 [22/04/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur: bruno [Droits d'admin]
Mode: Suppression -- Date: 28/04/2012 16:57:56

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\TEMP\htmijn\setup.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 +++++
--- User ---
[MBR] 811e76da944838bce900feb144bdf687
[BSP] 7d49a6c1e563065849e287f0934e3071 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 71448 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166793216 | Size: 71184 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
0
Réponse 15 / 35
Utilisateur anonyme
28 avril 2012 à 15:07
Re

Quelles sont les nouvelles?

à+
0
Réponse 16 / 35
bxlucky
28 avril 2012 à 15:10
ben je sais pas fo que je relance la ?
0
Utilisateur anonyme
28 avril 2012 à 15:11
Oui ;relance
0
Réponse 17 / 35
bxlucky
28 avril 2012 à 15:18
j'ai recupere le bureau
0
Réponse 18 / 35
Utilisateur anonyme
28 avril 2012 à 15:23
Re


1)Télécharge Malwaresbytes anti malware ici
http://www.malwarebytes.org/mbam.php

Bouton »Download free version »

* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/

* Potasse le tuto pour te familiariser avec le prg :

https://forum.pcastuces.com/sujet.asp?f=31&s=3

(cela dis, il est très simple d'utilisation).

relance Malwaresbytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's. Sous Vista et Seven (clic droit de la souris « exécuter en tant que administrateur »)

*Procèdes à une mise à jour

*Fais un examen dit "Complet"

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "Afficher les résultats" " .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " supprimer la sélection " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwaresbytes, le dernier en date)




2)Et bien maintenant il faut mettre à jour ton PC et le maintenir.

Pour vérifier les mises à jour logiciels à appliquer sur ton PC
https://www.flexera.com/products/operations/software-vulnerability-management.html
Divers liens te seront proposés pour les logiciels non à jour.


Tiens moi au courant


@+
0
Réponse 19 / 35
bxlucky
28 avril 2012 à 15:23
il y a autre chose a faire?
0
Utilisateur anonyme
28 avril 2012 à 15:35
Voir ici
0
Réponse 20 / 35
bxlucky
28 avril 2012 à 16:54
Malwarebytes Anti-Malware (Essai) 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.04.28.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
bruno :: PC-DE-BRUNO [administrateur]

Protection: Activé

28/04/2012 17:36:30
mbam-log-2012-04-28 (17-36-30).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 308463
Temps écoulé: 1 heure(s), 5 minute(s), 40 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 2
C:\Windows\System32\Pcatip.dll (RootKit.0Access.H) -> Suppression au redémarrage.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Suppression au redémarrage.

Clé(s) du Registre détectée(s): 5
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.
HKCR\sp (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Données: sp -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Données: -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Données: SPService^^ -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 10
C:\Windows\System32\Pcatip.dll (RootKit.0Access.H) -> Suppression au redémarrage.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Suppression au redémarrage.
C:\Users\bruno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Q0KREUK\calc[1].exe (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\CdaD10BA.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\Intels51.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\lusbaudio.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\toshidpt.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Temp\jvetks\setup.exe (Trojan.Winlock.P) -> Mis en quarantaine et supprimé avec succès.
C:\_OTL\MovedFiles\04282012_160122\C_Users\bruno\AppData\Roaming\ram_reserver64.exe (Trojan.Winlock.P) -> Mis en quarantaine et supprimé avec succès.
C:\_OTL\MovedFiles\04282012_160122\C_Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe (Trojan.Winlock.P) -> Mis en quarantaine et supprimé avec succès.

(fin)
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Peut-on retrouver un portable avec un N°IMEI
Curly93 -
Hnn -

30 réponses
Menace "Interpol" après webcam coquine
diego34 -
Panth33ra -

4 réponses
Faux mails Interpol Côte d'Ivoire
Idderf -
OUps -

21 réponses
Police d'écriture style "vieux journal"
joshua87 -
,,,,, -

3 réponses