Il y a actuellement 376 visiteurs
Jeudi 26 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Antimalware Doctor

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

Antimalware Doctor

Message le 20 Mai 2010 02:21

Bonsoir,

Comme beaucoup de personnes ces temps-ci, mon ordinateur est infecté par ce fameux Antimalware Doctor... Ayant parcouru différents forums depuis maintenant 4h et ayant essayé toutes les solutions possibles, je commence à désesperer...
Quelqu'un pourrait-il m'expliquer la démarche, étape par étape, à effectuer pour ne plus avoir affaire à cette m**** svp?
N'étant vraiment pas du tout un crack en informatique, ça serait sympa de m'expliquer d'une manière simpliste :)
Merci d'avance!

Manuch78
Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 


Re: Antimalware Doctor

Message le 20 Mai 2010 07:36

bonjour et bienvenue sur PC-Infopratique :wink:

fais cela stp...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Antimalware Doctor

Message le 20 Mai 2010 10:35

Merci de l'aide! Voilà mes rapports:

Code: Tout sélectionner
- OTL:

OTL logfile created on: 20/05/2010 11:12:58 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\corri83977\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 36,63 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive D: | 74,83 Gb Total Space | 17,79 Gb Free Space | 23,77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ESC-090870
Current User Name: corri83977
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\corri83977\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C\gotnewupdate000.exe (MS)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
PRC - c:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Activ Software\Activdriver\ActivControl2.exe (Promethean Technologies Group Ltd)
PRC - C:\Program Files\Archimed\Watchdoc\AWDTSGate.exe (Archimed)
PRC - C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\corri83977\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll ()
MOD - C:\Program Files\Microsoft Script Control\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk60x86.dll (Marvell)
SRV - (FCSAM) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (FTRTSVC) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
SRV - (ATService) -- c:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FcsSas) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (5U876UVC) -- C:\Windows\System32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ActivHidSerMini) -- C:\Windows\System32\drivers\activhidsermini.sys (Promethean Technologies Ltd)
DRV - (prmvmouse) -- C:\Windows\System32\drivers\activmouse.sys (Promethean Technologies Ltd)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/11 10:49:03 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010/05/20 02:17:31 | 000,321,396 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1   http://www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   http://www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   http://www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   http://www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   http://www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   http://www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   http://www.100888290cs.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   http://www.10sek.com
O1 - Hosts: 127.0.0.1   http://www.1-2005-search.com
O1 - Hosts: 11013 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ActivControl] C:\Program Files\Activ Software\Activdriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AWDPopupInit]  File not found
O4 - HKLM..\Run: [AWDTSGate]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Popup] C:\Program Files\Archimed\Watchdoc\AWDTSGate.exe (Archimed)
O4 - HKU\S-1-5-18..\Run: [Popup] C:\Program Files\Archimed\Watchdoc\AWDTSGate.exe (Archimed)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [corri83977] C:\Users\corri83977\corri83977.exe File not found
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [gotnewupdate000.exe] C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C\gotnewupdate000.exe (MS)
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [M5T8QL3YW3] C:\Users\CORRI8~1\AppData\Local\Temp\Qdd.exe File not found
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [Popup] C:\Program Files\Archimed\Watchdoc\AWDTSGate.exe (Archimed)
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\corri83977\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe ()
O4 - Startup: C:\Users\corri83977\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: esc-grenoble.fr ([]* in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: grenoble-em.com ([]* in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: grenoble-em.com ([mediaplus] http in Sites de confiance)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: mappy.com ([]http in Sites de confiance)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: mti-brothers.com ([]* in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: orange.fr ([]http in Sites de confiance)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: voila.fr ([rw.search.ke] http in Sites de confiance)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Domains: weborama.fr ([orange] http in Sites de confiance)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10001 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10002 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10003 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10004 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10005 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10006 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10007 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10008 ([http] in Intranet local)
O15 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..Trusted Ranges: Range10009 ([http] in Intranet local)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.grenoble-em.com
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\corri83977\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\corri83977\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5ada477e-238c-11df-96d6-00247e91681d}\Shell - "" = AutoRun
O33 - MountPoints2\{5ada477e-238c-11df-96d6-00247e91681d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{64a91371-e965-11de-9b75-00247e91681d}\Shell\AutoRun\command - "" = F:\svchost.exe -- File not found
O33 - MountPoints2\{7a542e6d-e3dd-11de-baef-00247e91681d}\Shell\AutoRun\command - "" = F:\svchost.exe -- File not found
O33 - MountPoints2\{9bd9c023-c5b6-11de-b17f-00247e91681d}\Shell\AutoRun\command - "" = F:\svchost.exe -- File not found
O33 - MountPoints2\{ae589f21-dd9e-11de-a808-00247e91681d}\Shell\AutoRun\command - "" = G:\svchost.exe -- File not found
O33 - MountPoints2\{d70870c4-283b-11df-a8e9-00247e91681d}\Shell - "" = AutoRun
O33 - MountPoints2\{d70870c4-283b-11df-a8e9-00247e91681d}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 04:35:08 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/05/20 02:07:21 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2010/05/20 02:07:21 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2010/05/20 02:07:21 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2010/05/20 02:07:21 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2010/05/20 02:07:21 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2010/05/20 02:07:21 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2010/05/20 02:07:21 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2010/05/20 02:07:21 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2010/05/20 02:07:21 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2010/05/20 02:07:21 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2010/05/20 02:07:21 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/05/14 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Sibelius Software
[2010/04/26 17:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\outlook security manager
[2010/04/21 12:29:02 | 000,000,000 | ---D | C] -- D:\Mes Documents\Documents\Fiche second trimestre
[2010/04/21 01:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Musicnotes
[2009/03/26 06:37:38 | 000,256,560 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/05/20 11:17:18 | 007,077,888 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat
[2010/05/20 11:15:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{33CD9555-346A-4025-952C-AED3F1651FAF}.job
[2010/05/20 11:12:00 | 001,506,976 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/20 11:12:00 | 000,682,146 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/05/20 11:12:00 | 000,598,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/20 11:12:00 | 000,129,296 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/05/20 11:12:00 | 000,106,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/20 11:08:16 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/20 11:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/20 05:30:39 | 000,005,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/20 05:30:39 | 000,005,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/20 03:30:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/20 03:30:33 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/20 03:29:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/20 03:29:29 | 000,524,288 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/20 03:29:29 | 000,065,536 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/20 02:36:28 | 000,001,380 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/05/20 02:34:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/20 02:28:21 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/20 02:17:36 | 000,004,748 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/05/20 02:06:11 | 000,442,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/20 01:16:58 | 000,001,154 | ---- | M] () -- C:\Users\Etudiant\Desktop\Antimalware Doctor.lnk
[2010/05/20 01:16:34 | 000,224,256 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010/05/16 22:28:15 | 000,131,960 | ---- | M] () -- C:\Users\Etudiant\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/13 19:59:16 | 000,245,271 | ---- | M] () -- C:\codes_dott.zip
[2010/05/06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 10:05:08 | 000,010,900 | ---- | M] () -- D:\Mes Documents\Documents\Historique Caterpilla.docx
[2010/04/26 17:43:15 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Certiprep.lnk
[2010/04/26 17:43:15 | 000,000,724 | ---- | M] () -- C:\Users\Public\Desktop\iQsystem Tools.lnk
[2010/04/26 17:43:15 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\iQsystem Exams.lnk
[2010/04/22 14:14:18 | 001,048,576 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.2.regtrans-ms
[2010/04/22 14:14:18 | 001,048,576 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.1.regtrans-ms
[2010/04/22 14:14:18 | 001,048,576 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.0.regtrans-ms
[2010/04/22 14:14:18 | 000,065,536 | -HS- | M] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.blf
[2010/04/21 10:22:43 | 000,293,039 | ---- | M] () -- D:\Mes Documents\Documents\Facture_Pro_Forma_ORAL_E52_Anglais[1].rtf
[2010/04/20 21:28:44 | 000,028,942 | ---- | M] () -- D:\Mes Documents\Documents\Economie de la firme (2).docx
[2010/04/20 13:57:43 | 000,075,582 | ---- | M] () -- D:\Mes Documents\Documents\Soutenance Adayg Fatou et Gaelle.pptx
[2010/04/20 13:57:30 | 000,088,752 | ---- | M] () -- D:\Mes Documents\Documents\Soutenance Adayg Manu et Lucie.pptx
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/05/20 02:23:30 | 000,001,380 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/05/20 02:12:29 | 2072,264,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/20 02:08:16 | 000,004,748 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/05/20 02:07:21 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2010/05/20 02:07:21 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2010/05/20 02:07:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/05/20 01:16:58 | 000,001,154 | ---- | C] () -- C:\Users\Etudiant\Desktop\Antimalware Doctor.lnk
[2010/05/20 01:16:37 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/20 01:16:34 | 000,224,256 | ---- | C] () -- C:\Windows\System32\sshnas21.dll
[2010/05/13 20:05:43 | 000,245,271 | ---- | C] () -- C:\codes_dott.zip
[2010/05/13 20:05:43 | 000,148,069 | R--- | C] () -- C:\TENTACLE.EXE
[2010/05/13 20:05:43 | 000,040,293 | R--- | C] () -- C:\DOTT.EXE
[2010/05/13 12:17:56 | 000,077,436 | ---- | C] () -- D:\Mes Documents\Documents\Corriette Emmanuel CV.doc
[2010/04/28 10:05:05 | 000,010,900 | ---- | C] () -- D:\Mes Documents\Documents\Historique Caterpilla.docx
[2010/04/26 17:43:15 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Certiprep.lnk
[2010/04/26 17:43:15 | 000,000,724 | ---- | C] () -- C:\Users\Public\Desktop\iQsystem Tools.lnk
[2010/04/26 17:43:15 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\iQsystem Exams.lnk
[2010/04/22 14:14:18 | 001,048,576 | -HS- | C] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.2.regtrans-ms
[2010/04/22 14:14:18 | 001,048,576 | -HS- | C] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.1.regtrans-ms
[2010/04/22 14:14:18 | 001,048,576 | -HS- | C] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.0.regtrans-ms
[2010/04/22 14:14:18 | 000,065,536 | -HS- | C] () -- C:\Users\corri83977\ntuser.dat{3d4e88f0-6a70-11db-b1ba-d64300c9c793}.TxR.blf
[2010/04/20 21:28:39 | 000,028,942 | ---- | C] () -- D:\Mes Documents\Documents\Economie de la firme (2).docx
[2010/04/20 13:57:43 | 000,075,582 | ---- | C] () -- D:\Mes Documents\Documents\Soutenance Adayg Fatou et Gaelle.pptx
[2010/04/20 13:57:29 | 000,088,752 | ---- | C] () -- D:\Mes Documents\Documents\Soutenance Adayg Manu et Lucie.pptx
[2010/03/03 13:16:11 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/06 15:44:56 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/06 15:44:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/30 13:38:16 | 000,000,000 | ---- | C] () -- C:\Windows\PertPlus[1].INI
[2009/09/30 00:57:31 | 000,000,143 | ---- | C] () -- C:\Windows\PERTPL~1.INI
[2009/08/13 10:02:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/08/13 10:02:51 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/08/13 10:02:51 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/08/13 10:02:51 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/08/13 10:02:51 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/08/13 10:02:51 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/08/11 10:53:00 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/08/11 10:02:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/08/11 09:45:18 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ITSLauncher.dll
[2009/08/11 09:45:03 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ITSUtils.dll
[2009/08/11 09:45:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\ITSMAPI.dll
[2009/08/11 09:45:03 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
[2009/08/10 09:40:24 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/04/11 15:19:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/26 06:39:14 | 001,765,168 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/03/26 06:39:04 | 000,034,480 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/12/05 02:25:00 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2007/09/18 15:01:08 | 000,167,936 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2007/09/13 09:31:50 | 000,196,608 | ---- | C] () -- C:\Windows\ActivDRV.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/12 11:08:38 | 006,172,672 | ---- | C] () -- C:\Windows\System32\HwRecogK.dll
[2006/08/14 09:56:52 | 007,946,240 | ---- | C] () -- C:\Windows\System32\HWRecogT.dll
[2006/08/13 17:48:58 | 015,147,008 | ---- | C] () -- C:\Windows\System32\HWRecog.dll
[2006/05/19 18:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2003/08/07 16:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2003/03/24 06:03:00 | 000,279,552 | ---- | C] () -- C:\Windows\System32\FGWVB32.DLL
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/05/20 02:01:51 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C
[2010/03/05 11:52:22 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\DAEMON Tools Lite
[2010/01/21 00:53:31 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\FMZilla
[2009/08/13 10:08:46 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\InterVideo
[2010/05/20 11:17:04 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\LimeWire
[2010/01/19 01:37:18 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\MaxTV Technologies
[2009/08/11 10:10:19 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\Nvu
[2010/01/02 23:33:00 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\ScummVM
[2009/09/23 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\SecondLife
[2009/08/11 10:09:03 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\Sphinx
[2010/03/05 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\Sports Interactive
[2009/08/18 09:22:19 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\Xerox
[2009/12/16 14:38:53 | 000,000,000 | ---D | M] -- C:\Users\corri83977\AppData\Roaming\XnView
[2009/08/13 10:08:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\InterVideo
[2009/08/11 10:10:19 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Nvu
[2009/08/11 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\SecondLife
[2009/08/11 10:09:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Sphinx
[2009/08/18 09:22:19 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Xerox
[2009/08/11 10:17:56 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\XnView
[2009/08/13 10:08:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\InterVideo
[2009/08/11 10:10:19 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Nvu
[2009/08/11 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\SecondLife
[2009/08/11 10:09:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Sphinx
[2009/08/18 09:22:19 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Xerox
[2009/08/11 10:17:56 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\XnView
[2009/08/13 10:08:46 | 000,000,000 | ---D | M] -- C:\Users\e-center\AppData\Roaming\InterVideo
[2009/08/11 10:10:19 | 000,000,000 | ---D | M] -- C:\Users\e-center\AppData\Roaming\Nvu
[2009/08/11 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\e-center\AppData\Roaming\SecondLife
[2009/08/11 10:09:03 | 000,000,000 | ---D | M] -- C:\Users\e-center\AppData\Roaming\Sphinx
[2009/08/18 09:22:19 | 000,000,000 | ---D | M] -- C:\Users\e-center\AppData\Roaming\Xerox
[2009/08/11 10:17:56 | 000,000,000 | ---D | M] -- C:\Users\e-center\AppData\Roaming\XnView
[2009/08/13 10:08:46 | 000,000,000 | ---D | M] -- C:\Users\Etudiant\AppData\Roaming\InterVideo
[2009/08/11 10:10:19 | 000,000,000 | ---D | M] -- C:\Users\Etudiant\AppData\Roaming\Nvu
[2009/08/11 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\Etudiant\AppData\Roaming\SecondLife
[2009/08/11 10:09:03 | 000,000,000 | ---D | M] -- C:\Users\Etudiant\AppData\Roaming\Sphinx
[2009/08/18 09:22:19 | 000,000,000 | ---D | M] -- C:\Users\Etudiant\AppData\Roaming\Xerox
[2009/08/11 10:17:56 | 000,000,000 | ---D | M] -- C:\Users\Etudiant\AppData\Roaming\XnView
[2010/05/20 03:29:37 | 000,032,508 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/20 11:15:59 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{33CD9555-346A-4025-952C-AED3F1651FAF}.job
[2010/05/20 11:08:16 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[1993/06/25 12:49:32 | 000,040,293 | R--- | M] () -- C:\DOTT.EXE
[1993/06/25 12:49:32 | 000,148,069 | R--- | M] () -- C:\TENTACLE.EXE
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/01/21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 15:19:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/21 04:23:28 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:28 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 15:19:26 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 15:19:26 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 15:19:26 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/04/11 15:19:27 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 15:19:27 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 15:19:27 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 04:23:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\SWSetup\SP42162\Winall\Driver64\IaStor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\SWSetup\SP42162\Winall\Driver\IaStor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\drivers\iaStor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3f3bdbbf\iaStor.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2008/01/21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/04/11 15:19:42 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 15:19:42 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/04/11 15:19:47 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 15:19:47 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2008/01/21 04:24:45 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/21 04:24:45 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2009/04/11 15:20:12 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=30BFBDFB7F95559EDE971F9DDB9A00BA -- C:\Windows\System32\drivers\rdpwd.sys
[2009/04/11 15:20:12 | 000,180,736 | ---- | M] (Microsoft Corporation) MD5=30BFBDFB7F95559EDE971F9DDB9A00BA -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6002.18005_none_4d610153d22453a6\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/04/11 15:20:12 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 15:20:12 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/21 04:23:44 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\drivers\sfloppy.sys
[2008/01/21 04:23:44 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:44 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2008/01/21 04:24:34 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/21 04:24:34 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/01/21 04:24:34 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\System32\drivers\tdtcp.sys
[2008/01/21 04:24:34 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2006/11/02 11:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_35521f61\usbprint.sys
[2008/01/21 04:23:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\drivers\usbprint.sys
[2008/01/21 04:23:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_29f90369\usbprint.sys
[2008/01/21 04:23:47 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\winsxs\x86_usbprint.inf_31bf3856ad364e35_6.0.6001.18000_none_32f9c26ac169fb1e\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/01/21 04:23:52 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:52 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:52 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:52 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
[2009/04/11 15:20:07 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll
[2009/04/11 15:20:02 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll
[2008/01/21 04:24:29 | 000,009,216 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\wship6.dll
[2008/01/21 04:24:29 | 000,009,216 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\WSHTCPIP.DLL
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
< End of report >


EDIT Skynet : balises [code] ajoutées.
Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Re: Antimalware Doctor

Message le 20 Mai 2010 10:36

Et voilà le rapport de Extras:

Code: Tout sélectionner
OTL Extras logfile created on: 20/05/2010 11:12:58 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\corri83977\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 36,63 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive D: | 74,83 Gb Total Space | 17,79 Gb Free Space | 23,77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ESC-090870
Current User Name: corri83977
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Xinorbis4] -- "C:\Program Files\freshney.org\Xinorbis4\x4.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-815019230-3665974807-84351104-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F7EB1F5-0E2B-432B-B1F4-DA76AF06CAD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E56615A-9FCD-43D0-9A5B-3FB74196BF3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{115EB637-39EF-4F1C-BA3C-08C41AC93F95}" = protocol=17 | dir=in | app=c:\program files\dmv\maxtv4\maxtv.exe |
"{23770829-F7B3-42C7-8E12-2E39B91B31FF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3DA6DA48-39FB-4611-9C48-3953B52C4B25}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{44D20F4D-5556-40D3-AB5C-84E54F1E09DF}" = protocol=6 | dir=in | app=c:\program files\dmv\maxtv4\core\maxtv_xul.exe |
"{4FAFD00B-E59A-4099-A882-51E01A5DFBD1}" = protocol=6 | dir=in | app=c:\program files\dmv\maxtv4\maxtv.exe |
"{5CED006D-23BA-4783-A37C-F25FFAF7B958}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D88B61B-D436-4C67-B588-6B9057179EE0}" = protocol=17 | dir=in | app=c:\program files\dmv\maxtv4\recorder.exe |
"{77294975-5B7F-4544-A4F7-5190021B639C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8AA3E372-CAE1-4DB6-AC97-61BCFA08616E}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{92DB7319-746C-40F1-8E6F-E9C57A562B32}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{95F8B704-5669-44DB-9E14-465C753B29FA}" = protocol=6 | dir=in | app=c:\program files\dmv\maxtv4\recorder.exe |
"{A8FA9AC1-1CF1-4ADC-8B52-B45D117993EC}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{AABDB6B1-5CC3-4BE3-8DF1-80046F12FB01}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{BDC2315C-5469-4FA2-AB34-2158DBF238D6}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C4960A73-CEA4-4B5F-B01D-140DC6276EF2}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{EC35E2FD-6A5C-4CAE-A04B-6F609020C025}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EC840B6E-D30B-45FB-BE44-442047F18348}" = protocol=17 | dir=in | app=c:\program files\dmv\maxtv4\core\maxtv_xul.exe |
"{EDA48932-7EE2-40CF-B79D-A6C49E5007A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1291D6CF-411C-4FCD-9085-67ECCC14D121}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6E691009-A0A2-430D-B3F0-E9318F19F83D}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"TCP Query User{A5D780C2-EEFF-47D5-842F-9DA337867A6B}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{E4B96BC6-B50C-40ED-9C4F-8BDC22CE21F9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E9A81B61-D1D5-4C20-B412-0CE82423F8AD}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{FE0FA1E4-E17E-4E4B-A279-D2065092F912}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{18A754BC-B588-4C18-98DA-F1A8E6CD0B7F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{217CA344-7E8B-4D21-9CD4-8D58F2CCBBA6}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{56141618-DFB7-4266-B9D3-48F90F6D3BEE}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
"UDP Query User{8B94A0A8-B35F-4457-91FD-E121A04EC587}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{C908A544-386A-4CC5-B299-87103C6E0E1D}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{E7F7ADF0-CDDC-4527-9B1C-5CE0C704C7C3}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095CCABA-A465-40E8-A518-30103EBD7170}" = Aide d'Activstudio (FRA) v3.5.1
"{09A3BCF1-CB0C-4D24-A2B9-EE4918B60E62}" = HP Wallpaper
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F31081B-2E83-4E38-B847-A74E9979DA64}" = MEDIAplus Plugin
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2C8B4F5E-1698-45E4-924C-F235B0BBB5C1}" = Certiport iQsystem 6.2
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3AF7602F-5BCC-4C6D-944F-86BD7B723E6B}" = Certiport iQsystem 6.2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA904CF-8B75-41AF-A5D2-F18A511536CA}" = LightScribe System Software
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{46422285-1723-43AB-AEA0-47DE12016A1C}" = Certiport iQsystem - French
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50391F9C-82FF-458F-A77B-DEF724E6140D}" = Service anti-programme malveillant Microsoft Forefront Client Security
"{52F3D4F5-A928-40CE-B2C1-E827AAA5975B}" = HP 3D DriveGuard
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B102825-6DEC-4808-BFE7-E4A596E7D8E6}" = Activdriver v4.1.12
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82BB647B-C09E-423D-8395-BFFBA0B8644B}" = TOL 7.0.27.6 Components
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{88657318-544E-445B-A806-B8099C617BFF}" = Ressources Activstudio (FRA) v3.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}_STANDARD_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}_STANDARD_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_STANDARD_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}_STANDARD_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{929B1254-D7F9-403A-8234-EE348E448820}" = Activstudio Professional Edition v3.5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.15.110.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC1FD114-0FD0-4C86-85E4-1FD10765D961}" = Documents Activstudio (FRA) v3.5.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E8B56B38-A826-11DB-8C83-0011430C73A4}" = Microsoft Forefront Client Security State Assessment Service
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F495E7CB-625F-4331-BFD4-0FA7CF8CF7A7}" = MEDIAplus Office 2007 FF
"{FC759117-A409-4939-8A50-243A867C9F35}" = MEDIAplus Plugin
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}" = AuthenTec Fingerprint System
"{FF05D3BC-A231-4E7E-86AE-7C7349421F9F}" = iQsystem 6.2 Patch
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Football Manager 2010" = Football Manager 2010
"Free Music Zilla_is1" = Free Music Zilla
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Le Sphinx" = Le Sphinx
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MaxTV" = MaxTV
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nvu_is1" = Nvu 1.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"ScummVM_is1" = ScummVM 1.0.0
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Installation Windows Live
"XnView_is1" = XnView 1.96.2
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-1834913581-721874356-3486338912-9079\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"GanttProject 2.0.10" = GanttProject 2.0.10
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 22/03/2010 15:07:11 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante FMZilla.exe, version 2.0.0.3, horodatage 0x4af269ee,
 module défaillant FMZilla.exe, version 2.0.0.3, horodatage 0x4af269ee, code d’exception
 0xc0000005, décalage d’erreur 0x000341a0,  ID du processus 0xd60, heure de début
de l’application 0x01cac9d1605f923f.
 
Error - 23/03/2010 12:40:38 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0x59c,
 heure de début de l’application 0x01cac9d1d57f0faf.
 
Error - 23/03/2010 14:43:59 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0x1f34,
 heure de début de l’application 0x01cacab86fcf72e0.
 
Error - 23/03/2010 16:11:44 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0xa28,
 heure de début de l’application 0x01cacac2c2391ef0.
 
Error - 23/03/2010 19:35:41 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0xf10,
 heure de début de l’application 0x01cacaa8be451f70.
 
Error - 24/03/2010 07:37:12 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0x253c,
 heure de début de l’application 0x01cacb2bc81370f0.
 
Error - 25/03/2010 02:44:22 | Computer Name = esc-090870.student.grenoble-em.com | Source = System Restore | ID = 8193
Description =
 
Error - 25/03/2010 02:45:44 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0x237c,
 heure de début de l’application 0x01cacb576adef3b0.
 
Error - 25/03/2010 05:57:18 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x0042d43d,  ID du processus 0x19c0,
 heure de début de l’application 0x01cacbe9ab8a8180.
 
Error - 25/03/2010 05:57:39 | Computer Name = esc-090870.student.grenoble-em.com | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18882, horodatage
 0x4b3ed243, module défaillant mshtml.dll, version 8.0.6001.18882, horodatage 0x4b3ee91c,
 code d’exception 0xc0000005, décalage d’erreur 0x00109189,  ID du processus 0x2710,
 heure de début de l’application 0x01cacc0147ad4db0.
 
[ OSession Events ]
Error - 22/09/2009 10:35:35 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2852
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 28/09/2009 18:18:19 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 15636 seconds with 960 seconds of active time.  This session ended with a
 crash.
 
Error - 30/10/2009 12:35:17 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 674
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19/05/2010 20:40:27 | Computer Name = esc-090870.student.grenoble-em.com | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19/05/2010 20:40:45 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
 de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
 temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
 au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
 Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
 administrateur.
 
Error - 19/05/2010 20:40:46 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
 de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
 temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
 au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
 Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
 administrateur.
 
Error - 19/05/2010 20:44:55 | Computer Name = esc-090870.student.grenoble-em.com | Source = FcsSas | ID = 141078
Description = Stratégie du service Forefront Client Security State Assessment Service
 appliquée avec des erreurs.    Paramètres suivants restaurés :     Type de planification
 : Intervalle  Heure : 12  Paramètre
 
Error - 19/05/2010 21:30:44 | Computer Name = esc-090870.student.grenoble-em.com | Source = NETLOGON | ID = 5719
Description = Cet ordinateur n'a pas pu configurer une session sécurisée avec un
 contrôleur  de domaine dans le domaine STUDENT pour la raison suivante :   %%1311    Cela
 peut entraîner des problèmes d'authentification. Vérifiez que cet  ordinateur est
 connecté au réseau. Si le problème persiste,  contactez votre administrateur de domaine.



INFORMATIONS
 SUPPLÉMENTAIRES    Si cet ordinateur est un contrôleur de domaine pour le domaine spécifié,
 il  installe la session sécurisée sur l'émulateur de contrôleur de domaine principal
 dans le domaine  spécifié. Sinon, cet ordinateur installe la session sécurisée sur
 n'importe quel contrôleur de domaine  du domaine spécifié.
 
Error - 19/05/2010 21:31:36 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
 de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
 temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
 au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
 Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
 administrateur.
 
Error - 19/05/2010 21:31:38 | Computer Name = esc-090870.student.grenoble-em.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
 de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
 temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
 au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
 Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
 administrateur.
 
Error - 19/05/2010 21:32:09 | Computer Name = esc-090870.student.grenoble-em.com | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19/05/2010 21:35:45 | Computer Name = esc-090870.student.grenoble-em.com | Source = FcsSas | ID = 141078
Description = Stratégie du service Forefront Client Security State Assessment Service
 appliquée avec des erreurs.    Paramètres suivants restaurés :     Type de planification
 : Intervalle  Heure : 12  Paramètre
 
Error - 20/05/2010 05:10:53 | Computer Name = esc-090870.student.grenoble-em.com | Source = NETLOGON | ID = 5719
Description = Cet ordinateur n'a pas pu configurer une session sécurisée avec un
 contrôleur  de domaine dans le domaine STUDENT pour la raison suivante :   %%1311    Cela
 peut entraîner des problèmes d'authentification. Vérifiez que cet  ordinateur est
 connecté au réseau. Si le problème persiste,  contactez votre administrateur de domaine.



INFORMATIONS
 SUPPLÉMENTAIRES    Si cet ordinateur est un contrôleur de domaine pour le domaine spécifié,
 il  installe la session sécurisée sur l'émulateur de contrôleur de domaine principal
 dans le domaine  spécifié. Sinon, cet ordinateur installe la session sécurisée sur
 n'importe quel contrôleur de domaine  du domaine spécifié.
 
 
< End of report >


EDIT Skynet : balises [code] ajoutées.
Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Message le 20 Mai 2010 14:20

Bonjour,

vous avez une consigne en haut du forum pour les rapports, de même lorsque vous postez c'est encore indiqué bien évidence.

Merci de la respecter.

Bonne continuation.
Avatar de l'utilisateur
Skynet
Moderateur
Moderateur
 
Messages: 14807
Inscription: 19 Juil 2007 21:12
 

Re: Antimalware Doctor

Message le 20 Mai 2010 19:37

bonsoir,

il est bien infecté dit donc ton pc, je regarde les rapports :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Antimalware Doctor

Message le 20 Mai 2010 19:47

re moi,

tu as une infection qui se propage par support amovible (Clef USB, DD externe, carte photo SD,etc;;;

pendant que j'analyse en détaille le rapport fait cela...


Branche tes clefs USB, DD externe (en position "marche) etc...



Télécharge USBFix ( par Chiquitine29, C_XX & Chimay8 ) sur ton bureau,
  • Fais un double-clic sur l'icône d'USBFix afin de le lancer.
  • Fais le choix F (Français) et valide avec la touche Entrée
  • Fais le choix N°1 (recherche) et valide avec la touche Entrée
  • Laisse travailler USBFix et poste le rapport qui sera générer en fin de scan en utilisant les balises [code ] [/code].
  • Ne choisis pas d'autres options sans mon accord :wink:

@SkYnet:
je ne met pas mes script de commandes en balise code, car en copié/collé cela rajoute une marge que les tools de scan/suppression ne peuvent pas gérer
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Antimalware Doctor

Message le 20 Mai 2010 20:24

Je suis en train de faire le scan, mais le problème est que j'ai deux clé USB que j'utilise souvent qui sont à 900 Km de chez moi donc impossible à récupérer...Le problème peut-il provenir de ces clés?
Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Re: Antimalware Doctor

Message le 20 Mai 2010 20:30

Voilà le rapport
Code: Tout sélectionner
############################## | UsbFix V6.114 |

User : corri83977 () # ESC-090870
Update on 17/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:21:34 | 20/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU     P7570  @ 2.26GHz
Microsoft® Windows Vista™ Professionnel  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 74,22 Go (36,33 Go free) [SYSTEME] # NTFS
D:\ -> Disque fixe local # 74,83 Go (17,79 Go free) [DONNEES] # NTFS
E:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
F:\ -> Disque CD-ROM # 2,32 Go (0 Mo free) [FM2010] # UDF
G:\ -> Disque amovible # 1,87 Go (311,28 Mo free) [UDISK] # FAT

################## | Elements infectieux |

C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job 
C:\Windows\System32\autorun.inf 
C:\Windows\System32\sshnas21.dll 
F:\autorun.inf 
F:\autorun.exe 
G:\autorun.inf 

################## | Registre |

[HKCU\SOFTWARE\M5T8QL3YW3] 
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M5T8QL3YW3" 
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "corri83977" 

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{04f5be64-1a1c-11df-a3fa-0025b375d22d}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CORRI83977.EXe

HKCU\..\..\Explorer\MountPoints2\{0e4d9d9f-fca5-11de-a8c8-0025b375d22d}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\nobLe84759.EXE

HKCU\..\..\Explorer\MountPoints2\{2a35a372-35c4-11df-a5e0-00247e91681d}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\RABeA84793.exe

HKCU\..\..\Explorer\MountPoints2\{5a63ca30-dac9-11de-9593-00247e91681d}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CorRI83977.EXE

HKCU\..\..\Explorer\MountPoints2\{5ada477e-238c-11df-96d6-00247e91681d}
shell\AutoRun\command =G:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{636838d1-9c40-11de-bdf5-00247e91681d}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\activation_kms.bat

HKCU\..\..\Explorer\MountPoints2\{64a91371-e965-11de-9b75-00247e91681d}
shell\AutoRun\command =F:\svchost.exe

HKCU\..\..\Explorer\MountPoints2\{7a542e6d-e3dd-11de-baef-00247e91681d}
shell\AutoRun\command =F:\svchost.exe

HKCU\..\..\Explorer\MountPoints2\{7bc4ae70-ae08-11de-8eb3-00247e91681d}
shell\AutoRun\command =svchost.exe

HKCU\..\..\Explorer\MountPoints2\{9bd9c023-c5b6-11de-b17f-00247e91681d}
shell\AutoRun\command =F:\svchost.exe

HKCU\..\..\Explorer\MountPoints2\{ae589f21-dd9e-11de-a808-00247e91681d}
shell\AutoRun\command =G:\svchost.exe

HKCU\..\..\Explorer\MountPoints2\{bdb9a7de-0433-11df-b808-00247e91681d}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cOrri83977.EXe

HKCU\..\..\Explorer\MountPoints2\{d70870c4-283b-11df-a8e9-00247e91681d}
shell\AutoRun\command =F:\autorun.exe

################## | Vaccin |


################## | ! Fin du rapport # UsbFix V6.114 ! |
Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Re: Antimalware Doctor

Message le 20 Mai 2010 20:47

OK,

Relance USBFix et choisie l'option N°2(Suppression)

ensuite

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\Program Files\LimeWire
C:\ProgramData\Activ Software
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\lsrslt.ini
C:\Windows\System32\tmp.reg
C:\Users\Etudiant\Desktop\Antimalware Doctor.lnk
C:\Windows\System32\sshnas21.dll
C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C
C:\Users\corri83977\AppData\Roaming\LimeWire
C:\DOTT.EXE
C:\TENTACLE.EXE
C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C\gotnewupdate000.exe

:OTL
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
MOD - C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM\..\Run: [AWDPopupInit] File not found
O4 - HKLM\..\Run: [AWDTSGate] File not found
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..\Run: [corri83977] C:\Users\corri83977\corri83977.exe File not found
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079\..\Run: [M5T8QL3YW3] C:\Users\CORRI8~1\AppData\Local\Temp\Qdd.exe File not found
O4 - Startup: C:\Users\corri83977\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - HKU\S-1-5-21-1834913581-721874356-3486338912-9079..\Run: [gotnewupdate000.exe] C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C\gotnewupdate000.exe (MS)
:Commands
[emptytemp]



* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapports va s'ouvrir "OTL.Txt".
* Copie et colle le rapport dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

Donc pour résumer, il me faut:
  • Le rapport USBFix optionN°2
  • Le rapport généré par OTL


@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Message le 20 Mai 2010 20:52

jeanmimigab a écrit:@SkYnet: je ne met pas mes script de commandes en balise code, car en copié/collé cela rajoute une marge que les tools de scan/suppression ne peuvent pas gérer

Viiii, mais quand je disais "Vous" c'était pas vous "deux". ;)

Du coup, même réponse que pour Bernard53 :

Skynet a écrit:@bernard53 : oh tu sais c'est pas bien méchant si tu oublies les balises [code], les helpers ont rarement des posts à rallonge. C'est surtout les demandeurs qui doivent passer par là ;). J'ai revu une quinzaine de topics (les derniers) et c'est fou comme le scroll devient plus agréable. ;)


++ ;)
Avatar de l'utilisateur
Skynet
Moderateur
Moderateur
 
Messages: 14807
Inscription: 19 Juil 2007 21:12
 

Re: Antimalware Doctor

Message le 20 Mai 2010 21:36

Le rapport USBFIX 2:

Code: Tout sélectionner
############################## | UsbFix V6.114 |

User : corri83977 () # ESC-090870
Update on 17/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:26:42 | 20/05/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU     P7570  @ 2.26GHz
Microsoft® Windows Vista™ Professionnel  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 74,22 Go (36,32 Go free) [SYSTEME] # NTFS
D:\ -> Disque fixe local # 74,83 Go (18,07 Go free) [DONNEES] # NTFS
E:\ -> Disque CD-ROM # 0 Mo (0 Mo free) [Audio CD] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 1,87 Go (311,25 Mo free) [UDISK] # FAT

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-1834913581-721874356-3486338912-9079
Supprimé ! D:\$Recycle.Bin\S-1-5-21-1834913581-721874356-3486338912-9079

################## | Registre |


################## | Mountpoints2 |


################## | Listing des fichiers présent |

[18/09/2006 23:43|--a------|24] C:\autoexec.bat
[11/04/2009 15:20|-rahs----|333257] C:\bootmgr
[10/08/2009 08:13|-ra-s----|8192] C:\BOOTSECT.BAK
[13/05/2010 19:59|--a------|245271] C:\codes_dott.zip
[18/09/2006 23:43|--a------|10] C:\config.sys
[28/11/2009 17:28|--a------|770] C:\deltaStartup.log
[?|?|?] C:\hiberfil.sys
[24/12/2009 11:52|-rahs----|0] C:\IO.SYS
[24/12/2009 11:52|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[20/05/2010 02:21|--a------|2555] C:\rapport.txt
[13/08/2009 10:03|--a------|163] C:\Setup.log
[20/05/2010 22:32|--a------|1640] C:\UsbFix.txt
[20/05/2010 22:06|--a------|176123] C:\UsbFix_Upload_Me_STUDENT.zip
[13/08/2009 10:00|--a------|86] C:\webcam.log
[01/01/1995 02:00|-r-------|44] E:\Track01.cda
[01/01/1995 02:00|-r-------|44] E:\Track02.cda
[01/01/1995 02:00|-r-------|44] E:\Track03.cda
[01/01/1995 02:00|-r-------|44] E:\Track04.cda
[01/01/1995 02:00|-r-------|44] E:\Track05.cda
[01/01/1995 02:00|-r-------|44] E:\Track06.cda
[01/01/1995 02:00|-r-------|44] E:\Track07.cda
[01/01/1995 02:00|-r-------|44] E:\Track08.cda
[01/01/1995 02:00|-r-------|44] E:\Track09.cda
[01/01/1995 02:00|-r-------|44] E:\Track10.cda
[01/01/1995 02:00|-r-------|44] E:\Track11.cda
[13/04/2010 18:15|--a------|1713152] G:\Doc2.doc
[08/01/2009 03:35|--a------|134886] G:\Veco.docx
[20/05/2010 21:59|--a------|1620] G:\BOOTEX.LOG
[14/04/2010 15:56|--a------|109633] G:\Veja.docx
[15/04/2010 15:37|--a------|12683] G:\Dossier de vente.docx

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# G:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_STUDENT.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution . 

################## | ! Fin du rapport # UsbFix V6.114 ! |

Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Re: Antimalware Doctor

Message le 20 Mai 2010 21:37

Le rapport OTL:

Code: Tout sélectionner
All processes killed
========== FILES ==========
C:\Program Files\LimeWire\root\magnet10 folder moved successfully.
C:\Program Files\LimeWire\root folder moved successfully.
C:\Program Files\LimeWire\lib folder moved successfully.
C:\Program Files\LimeWire\.NetworkShare folder moved successfully.
C:\Program Files\LimeWire folder moved successfully.
C:\ProgramData\Activ Software\Activstudio3 folder moved successfully.
C:\ProgramData\Activ Software\ActivApplications folder moved successfully.
C:\ProgramData\Activ Software folder moved successfully.
File\Folder C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
C:\Windows\lsrslt.ini moved successfully.
C:\Windows\System32\tmp.reg moved successfully.
C:\Users\Etudiant\Desktop\Antimalware Doctor.lnk moved successfully.
File\Folder C:\Windows\System32\sshnas21.dll not found.
C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\xml\data folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\xml folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\promotion folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\certificate folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\browser folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.
C:\Users\corri83977\AppData\Roaming\LimeWire folder moved successfully.
C:\DOTT.EXE moved successfully.
C:\TENTACLE.EXE moved successfully.
File\Folder C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C\gotnewupdate000.exe not found.
========== OTL ==========
No active process named LimeWire.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\S-1-5-21-1834913581-721874356-3486338912-9079\\Software\Microsoft\Windows\CurrentVersion\Run\\corri83977 not found.
Registry value HKEY_USERS\S-1-5-21-1834913581-721874356-3486338912-9079\\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 not found.
C:\Users\corri83977\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk moved successfully.
File C:\Program Files\LimeWire\LimeWire.exe not found.
Registry value HKEY_USERS\S-1-5-21-1834913581-721874356-3486338912-9079\Software\Microsoft\Windows\CurrentVersion\Run\\gotnewupdate000.exe deleted successfully.
File C:\Users\corri83977\AppData\Roaming\019EAFC61E3E101EECC29BFB70B2AB7C\gotnewupdate000.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: choux84542
 
User: corri83977
 
User: Default
 
User: Default - Copie
 
User: Default User
 
User: e-center
 
User: Etudiant
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 16232 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 191096 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.5.0 log created on 05202010_221923

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Re: Antimalware Doctor

Message le 20 Mai 2010 21:52

re, c'est pas mal...

Tyu auras remarqué que j'ai virer limewire, ce porg de P2P contient un Spyware >> donc à ne pas réinstaller.

fais cela stp...
  • télécharge Malwarebytes >>ici
  • Pour t'aiderun super tuto de Danakil à lire avant le scan.
  • Choisie "exécuter un examen rapide" et à la fin du scan , coche tous les éléments trouvés,et clique sur supprimer la sélection.
  • Poste moi le rapport stp.
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: Antimalware Doctor

Message le 20 Mai 2010 22:02

Voilà le rapport de Malwarebytes:

Code: Tout sélectionner
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

20/05/2010 23:01:40
mbam-log-2010-05-20 (23-01-40).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 148953
Temps écoulé: 7 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Etudiant\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Manuch78
Visiteur
Visiteur
 
Messages: 8
Inscription: 20 Mai 2010 02:11
 

Suivante


Sujets similaires

Message antimalware
Bonjour, je voudrais me débarasser de mystart4dealwifi, j'ai utiliser plusieurs antimalware pour ca mais rien ne marche, est ce que vous avez déjà eu ce problème? autre chose, pkoi est ce que certains antispyware sont payants et d'autres pas? Cyril
Réponses: 3

Message Antimalware Service Executable
BonjourFait ceci pour voir un peu plus s.t.p.Télécharges ZHPDIAG (de Nicolas Coolman) sur ton bureau.Doubles-clique sur l'icône ZHPDiag .exe pour l?installation.Double-clique ensuite sur l?icône ZHPDiag puis : Valide Scanner puis Valide Rapport à la fin du scan : Ce dernier est aussi sauveg ...
Réponses: 1

Message problème de suppression (microsoft antimalware)
Bonsoir, voici mon problème,j'ai voulu désinstaller microsoft essential security pour en mettre un autre à la place(avira).je désinstalle donc l'antivirus de microsoft, tout se déroule bien et j'installe avira, tout est ok.Je redémarre pon pc(bureau, window 7 x64), et quand je regarde dans les proc ...
Réponses: 3

Message malwarebytes antimalware se bloque après 4 minutes
BonjourJe pense plus a un bug de MalwaresBytes car tout fonctionne en mode normal.Le dossier Wbem est créé par Windows.MalwaresBytes est bien à jour je pense?
Réponses: 1

Message incertitude concernant antimalware doctor
bonjour je suis sur pc (vista) et j ai pc tools spyware doctor. Dans son dernier rapport d'analyse il m' informe de la présence d'une menace (degrés: moyenne) s'appelant "RogueAntiSpyware.CoreGuardAntivirus2009!rem" et dans le détail du fichier apparaît le nom d' "antimalware doctor&q ...
Réponses: 24

Message pb suite désinfection malware doctor
Bonjour & bienvenue,j'ai fusionné vos sujets et supprimé votre premier rapport qui était trop long pour être hébergé ici.A lire : jeanmimigab a écrit:* NOTE: Si ceux ci sont trop long déposez-les sur CiJoint.fr et communiquer au helper le lien correspondant à vos rapports afin qu'il puisse les t ...
Réponses: 7

Message antimalware doctor : au secours
Bonjour, quand j'allume mon ordi, j'ai tout de suite une fenêtre qui s'ouvre avec écrit : """"" WARNING !!! antimalware doctor has detected 18 infected oblects on your computer during the last system scann """"" or je n'ai jamais fait de scan, n ...
Réponses: 1


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 9 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.