Il y a actuellement 362 visiteurs
Dimanche 24 Novembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

Peur d'être hack ou contrôle de PC • page 2

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel
Répondre

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 21:23

OTL.Txt(2eme partie) :

Code: Tout sélectionner
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/18 22:02:53 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/05/18 21:48:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\SoftwareUpdateTaskMachineUA.job
[2012/05/18 21:42:20 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 21:42:20 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 21:39:45 | 001,659,834 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/05/18 21:39:45 | 000,933,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/18 21:39:45 | 000,456,498 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/05/18 21:39:45 | 000,390,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/18 21:39:45 | 000,006,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/18 21:34:41 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 21:34:33 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\SoftwareUpdateTaskMachineCore.job
[2012/05/18 21:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 21:33:55 | 377,901,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 21:11:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 21:06:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 20:35:50 | 000,006,668 | ---- | M] () -- C:\Users\Sabrinaa\Documents\SCAN LONG
[2012/05/18 19:39:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSabrina.job
[2012/05/18 19:15:32 | 000,000,664 | RHS- | M] () -- C:\Users\Sabrinaa\ntuser.pol
[2012/05/18 19:11:53 | 000,878,876 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Local\census.cache
[2012/05/18 19:10:41 | 000,139,849 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Local\ars.cache
[2012/05/18 18:51:54 | 000,000,036 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Local\housecall.guid.cache
[2012/05/18 18:24:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/18 17:49:55 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSabrinaa.job
[2012/05/16 15:05:34 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/16 14:28:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/16 13:55:34 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/05/16 13:43:01 | 000,002,448 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/05/16 13:06:46 | 000,014,007 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\Evernote.lnk
[2012/05/16 12:51:56 | 000,002,197 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\HP Support Assistant.lnk
[2012/05/16 12:51:19 | 000,001,345 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\Media Center.lnk
[2012/05/16 12:51:02 | 000,001,170 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\OpenOffice.org.lnk
[2012/05/14 00:14:18 | 000,001,178 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\TeamViewer 7.lnk
[2012/05/14 00:14:18 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/05/12 21:04:14 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNEVERLAND$.job
[2012/05/05 00:06:14 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/05 00:06:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/05 00:06:09 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/01 13:31:36 | 000,001,239 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/04/29 00:21:27 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/04/28 01:24:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRodmilla.job
[2012/04/28 00:20:53 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Antivirus.lnk
[2012/04/22 00:23:42 | 000,001,843 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\GeoGebra.lnk
[2012/04/21 19:58:08 | 000,001,816 | ---- | M] () -- C:\Users\Sabrinaa\Desktop\Tunatic.lnk
[2012/04/21 17:58:51 | 000,001,614 | ---- | M] () -- C:\user.js
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/18 22:02:53 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/05/18 20:35:50 | 000,006,668 | ---- | C] () -- C:\Users\Sabrinaa\Documents\SCAN LONG
[2012/05/18 19:11:53 | 000,878,876 | ---- | C] () -- C:\Users\Sabrinaa\AppData\Local\census.cache
[2012/05/18 19:10:41 | 000,139,849 | ---- | C] () -- C:\Users\Sabrinaa\AppData\Local\ars.cache
[2012/05/18 18:57:05 | 000,000,664 | RHS- | C] () -- C:\Users\Sabrinaa\ntuser.pol
[2012/05/18 18:51:54 | 000,000,036 | ---- | C] () -- C:\Users\Sabrinaa\AppData\Local\housecall.guid.cache
[2012/05/18 18:24:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/16 15:05:22 | 000,292,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/16 14:28:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/16 13:55:34 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/05/16 13:55:33 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/05/16 13:06:46 | 000,014,007 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\Evernote.lnk
[2012/05/16 12:59:57 | 000,002,448 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/05/16 12:51:56 | 000,002,197 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\HP Support Assistant.lnk
[2012/05/16 12:51:19 | 000,001,345 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\Media Center.lnk
[2012/05/16 12:51:02 | 000,001,170 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\OpenOffice.org.lnk
[2012/05/14 00:14:18 | 000,001,178 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\TeamViewer 7.lnk
[2012/05/14 00:14:18 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/05/01 13:31:36 | 000,001,239 | ---- | C] () -- C:\Users\Sabrinaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/04/28 00:20:53 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Antivirus.lnk
[2012/04/21 19:58:08 | 000,001,816 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\Tunatic.lnk
[2012/04/20 12:46:29 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSabrinaa.job
[2012/04/20 01:06:45 | 000,001,843 | ---- | C] () -- C:\Users\Sabrinaa\Desktop\GeoGebra.lnk
[2012/03/30 02:05:50 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/03/30 01:56:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/02/10 16:06:16 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2012/01/12 02:53:36 | 000,006,438 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/12 00:47:15 | 000,000,068 | ---- | C] () -- C:\Windows\SPCDR.INI
[2012/01/12 00:47:07 | 000,000,076 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/01/12 00:47:02 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/01/12 00:47:02 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/01/12 00:47:02 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/12/31 20:56:17 | 000,000,141 | ---- | C] () -- C:\Windows\disney.ini
[2011/09/22 19:08:56 | 003,902,976 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/08/22 21:07:48 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/08/22 21:07:02 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/08/22 21:07:00 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/08/22 21:06:30 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/08/22 21:06:30 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/08/22 21:06:30 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/08/22 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/08/22 21:06:28 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/08/22 21:06:26 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/08/22 21:06:26 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/15 22:11:58 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/05/30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/13 07:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/05/10 19:57:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/05/10 19:57:06 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/10 19:57:00 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/03/03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/08/18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010/05/24 21:33:00 | 004,670,829 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/05/24 21:33:00 | 001,447,921 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010/05/24 21:33:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010/05/24 21:33:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010/05/24 21:33:00 | 000,139,944 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/05/24 21:33:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/04/21 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Babylon
[2012/04/15 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\FreeVideoConverter
[2012/05/16 14:08:10 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\ImgBurn
[2012/05/01 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\OpenOffice.org
[2012/05/13 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\SoftGrid Client
[2012/04/14 13:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Synaptics
[2012/05/16 12:59:50 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\WildTangent
[2012/05/15 19:27:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Windows Live Writer
[2012/05/14 11:30:39 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/18 21:34:33 | 000,001,086 | ---- | M] () -- C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
[2012/05/18 21:48:00 | 000,001,090 | ---- | M] () -- C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon /s >[/color]
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2011/07/16 07:39:22 | 002,616,320 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"DefaultDomainName" =
"DefaultUserName" =
"Userinit" = userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/14 03:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"allocatecdroms" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
"" = Wireless Group Policy
"DisplayName" = @wlgpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessWLANPolicyEx
"GenerateGroupPolicy" = GenerateWLANPolicy
"DllName" = wlgpclnt.dll -- [2009/07/14 03:16:19 | 000,118,784 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
"" = Folder Redirection
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"DllName" = fdeploy.dll -- [2010/11/21 05:24:16 | 000,059,904 | ---- | M] (Microsoft Corporation)
"NoMachinePolicy" = 1
"NoSlowLink" = 1
"PerUserLocalSettings" = 1
"NoGPOListChanges" = 0
"NoBackgroundPolicy" = 0
"GenerateGroupPolicy" = GenerateGroupPolicy
"EventSources" = (Folder Redirection,Application) [binary data]
"DisplayName" = @fdeploy.dll,-261
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"" = Microsoft Disk Quota
"DisplayName" = @%SystemRoot%\System32\dskquota.dll,-100
"NoMachinePolicy" = 0
"NoUserPolicy" = 1
"NoSlowLink" = 1
"NoBackgroundPolicy" = 1
"NoGPOListChanges" = 1
"PerUserLocalSettings" = 0
"RequiresSuccessfulRegistry" = 1
"EnableAsynchronousProcessing" = 0
"DllName" = %SystemRoot%\System32\dskquota.dll -- [2009/07/14 03:15:13 | 000,087,040 | ---- | M] (Microsoft Corporation)
"ProcessGroupPolicy" = ProcessGroupPolicy
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
"" = QoS Packet Scheduler
"DisplayName" = @gptext.dll,-201
"ProcessGroupPolicy" = ProcessPSCHEDPolicy
"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"" = Internet Explorer Zonemapping
"ProcessGroupPolicy" = ProcessGroupPolicyForZoneMap
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/07/15 21:55:50 | 000,353,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}]
"" = Windows Search Group Policy Extension
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = %SystemRoot%\System32\srchadmin.dll -- [2010/11/21 05:25:15 | 000,301,568 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"NoSlowLink" = 0
"NoGPOListChanges" = 1
"NoUserPolicy" = 0
"NoMachinePolicy" = 0
"PerUserLocalSettings" = 0
"EnableAsynchronousProcessing" = 1
"NoBackgroundPolicy" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"" = Internet Explorer User Accelerators
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/07/15 21:55:50 | 000,353,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"" = Security -- [2009/07/14 03:09:53 | 000,004,608 | ---- | M] (Microsoft Corporation)
"DisplayName" = @(runtime.system32)\scecli.dll,-7650
"ProcessGroupPolicy" = SceProcessSecurityPolicyGPO
"GenerateGroupPolicy" = SceGenerateGroupPolicy
"ExtensionRsopPlanningDebugLevel" = 1
"ProcessGroupPolicyEx" = SceProcessSecurityPolicyGPOEx
"ExtensionDebugLevel" = 1
"DllName" = scecli.dll -- [2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"EnableAsynchronousProcessing" = 1
"MaxNoGPOListChangesInterval" = 960
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}]
"" = Deployed Printer Connections
"DisplayName" = @%systemroot%\system32\gpprnext.dll,-1
"DllName" = %systemroot%\system32\gpprnext.dll -- [2009/07/14 03:15:24 | 000,033,792 | ---- | M] (Microsoft Corporation)
"EnableAsynchronousProcessing" = 1
"ExtensionEventSource" =
"GenerateGroupPolicy" = PrinterGenerateGroupPolicy
"MaxNoGPOListChangesInterval" = 0
"NoBackgroundPolicy" = 0
"NoGPOListChanges" = 0
"NoMachinePolicy" = 0
"NoSlowLink" = 1
"NotifyLinkTransition" = 0
"NoUserPolicy" = 0
"PerUserLocalSettings" = 0
"ProcessGroupPolicy" = PrinterProcessGroupPolicy
"ProcessGroupPolicyEx" = PrinterProcessGroupPolicyEx
"RequiresSuccessfulRegistry" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"" = Internet Explorer Branding
"ProcessGroupPolicy" = ProcessGroupPolicy
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/07/15 21:55:50 | 000,353,584 | ---- | M] (Microsoft Corporation)
"GenerateGroupPolicy" = GenerateGroupPolicy
"NoSlowLink" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyEx
"NoGPOListChanges" = 1
"NoMachinePolicy" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3014
"NoBackgroundPolicy" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
"" = 802.3 Group Policy
"DisplayName" = @dot3gpclnt.dll,-100
"ProcessGroupPolicyEx" = ProcessLANPolicyEx
"GenerateGroupPolicy" = GenerateLANPolicy
"DllName" = dot3gpclnt.dll -- [2009/07/14 03:15:12 | 000,074,752 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
"" = TCPIP
"DisplayName" = @gptext.dll,-204
"ProcessGroupPolicy" = ProcessTCPIPPolicy
"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
"" = Internet Explorer Machine Accelerators
"ProcessGroupPolicy" = ProcessGroupPolicyForActivities
"DllName" = C:\Windows\SysWOW64\iedkcs32.dll -- [2011/07/15 21:55:50 | 000,353,584 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
"ProcessGroupPolicyEx" = ProcessGroupPolicyForActivitiesEx
"NoGPOListChanges" = 1
"DisplayName" = @C:\Windows\SysWOW64\iedkcs32.dll,-3051
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
"" = IP Security
"ProcessGroupPolicyEx" = ProcessIPSECPolicyEx
"GenerateGroupPolicy" = GenerateIPSECPolicy
"DllName" = %SystemRoot%\System32\polstore.dll -- [2009/07/14 03:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
"" = Enterprise QoS
"DisplayName" = @gptext.dll,-203
"ProcessGroupPolicy" = ProcessEQoSPolicy
"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)
"RequiresSuccessfulRegistry" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
"" = CP
"DisplayName" = @gptext.dll,-205
"ProcessGroupPolicy" = ProcessConnectivityPlatformPolicy
"DllName" = gptext.dll -- [2009/07/14 03:15:24 | 000,018,944 | ---- | M] (Microsoft Corporation)
"NoUserPolicy" = 1
"NoGPOListChanges" = 1
"RequiresSuccessfulRegistry" = 1
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >[/color]
"" = C:\Program Files (x86)\Internet Explorer\iexplore.exe -- [2011/07/15 21:55:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< %temp%\smtmp\1\*.* /s >[/color]
 
[color=#A23BEC]< %temp%\smtmp\2\*.* /s >[/color]
 
[color=#A23BEC]< %temp%\smtmp\4\*.* /s >[/color]
 
[color=#A23BEC]< nslookup www.google.fr /c >[/color]
Serveur :   dns1.proxad.net
Address:  212.27.40.240
Nom :    www-cctld.l.google.com
Addresses:  2a00:1450:4007:803::1017
     173.194.78.94
Aliases:  WWW.GOOGLE.FR
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012/04/26 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Adobe
[2012/04/14 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Apple Computer
[2012/04/28 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Avira
[2012/04/21 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Babylon
[2012/04/14 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\CyberLink
[2012/04/15 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\FreeVideoConverter
[2012/04/20 12:46:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Hewlett-Packard
[2012/04/14 13:45:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\hpqLog
[2012/04/14 13:44:31 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Identities
[2012/05/16 14:08:10 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\ImgBurn
[2012/04/14 13:45:45 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Intel Corporation
[2012/03/26 19:19:40 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Macromedia
[2012/05/18 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Malwarebytes
[2012/03/30 11:50:25 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Media Center Programs
[2012/05/13 21:52:58 | 000,000,000 | --SD | M] -- C:\Users\Sabrinaa\AppData\Roaming\Microsoft
[2012/04/21 17:58:59 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Mozilla
[2012/05/01 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\OpenOffice.org
[2012/05/18 19:06:31 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Skype
[2012/05/13 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\SoftGrid Client
[2012/04/14 13:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Synaptics
[2012/05/16 14:17:21 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\vlc
[2012/05/16 12:59:50 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\WildTangent
[2012/05/15 19:27:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\Windows Live Writer
[2012/04/18 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Sabrinaa\AppData\Roaming\WinRAR
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2012/03/26 19:19:36 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Sabrinaa\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/05/16 13:00:15 | 000,989,384 | ---- | M] (WildTangent) -- C:\Users\Sabrinaa\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2012/05/16 13:00:05 | 000,000,178 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2012/05/04 20:23:16 | 000,571,008 | ---- | M] (WildTangent, Inc.) -- C:\Users\Sabrinaa\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
[color=#A23BEC]< MD5 for: CTFMON.EXE  >[/color]
[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
[color=#A23BEC]< MD5 for: DWM.EXE  >[/color]
[2009/07/14 03:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\SysNative\dwm.exe
[2009/07/14 03:39:08 | 000,120,320 | ---- | M] (Microsoft Corporation) MD5=F162D5F5E845B9DC352DD1BAD8CEF1BC -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwm.exe
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/07/16 07:39:22 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/16 07:39:22 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/16 07:39:22 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/16 07:39:22 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/16 07:39:22 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/16 07:39:22 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/04/26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/07/16 07:41:11 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/07/16 07:41:11 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/07/16 07:41:11 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/07/16 07:41:11 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2011/07/16 07:34:41 | 000,950,656 | ---- | M] (Microsoft Corporation) MD5=303310C91F8C0740ED1C76851C759874 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.21628_none_066fff3d4bd0b870\ndis.sys
[2010/11/21 05:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2011/07/16 07:34:41 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\SysNative\drivers\ndis.sys
[2011/07/16 07:34:41 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17530_none_05d3903632c269df\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2011/07/16 07:41:11 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/07/16 07:41:11 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/07/16 07:41:11 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/07/16 07:41:11 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\SysNative\drivers\rasacd.sys
[2009/07/14 02:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPCLIP.EXE  >[/color]
[2010/11/21 05:24:42 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=25D284EB2F12254C001AFE9A82575A81 -- C:\Windows\winsxs\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_6.1.7601.17514_none_5ffc161221c1b4f6\rdpclip.exe
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2012/02/17 06:48:21 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=0B93AA14E7DCD85CC82BC7D7D1CA9B24 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_aa1a604804c7c5cb\rdpwd.sys
[2010/11/21 05:24:29 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys
[2012/02/17 06:58:24 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=6D76E6433574B058ADCB0C50DF834492 -- C:\Windows\SysNative\drivers\rdpwd.sys
[2012/02/17 06:58:24 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=6D76E6433574B058ADCB0C50DF834492 -- C:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_a95fb36cebce3342\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysNative\drivers\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\SysNative\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/14 02:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- C:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPTD.SYS  >[/color]
[2012/01/02 14:06:50 | 000,530,488 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\Windows\SysNative\drivers\sptd.sys
 
[color=#A23BEC]< MD5 for: TASKENG.EXE  >[/color]
[2010/11/21 05:23:53 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\SysWOW64\taskeng.exe
[2010/11/21 05:23:53 | 000,192,000 | ---- | M] (Microsoft Corporation) MD5=4F2659160AFCCA990305816946F69407 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_e7b3b71a1d1c8662\taskeng.exe
[2010/11/21 05:24:27 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=65EA57712340C09B1B0C427B4848AE05 -- C:\Windows\SysNative\taskeng.exe
[2010/11/21 05:24:27 | 000,464,384 | ---- | M] (Microsoft Corporation) MD5=65EA57712340C09B1B0C427B4848AE05 -- C:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe
 
[color=#A23BEC]< MD5 for: TASKHOST.EXE  >[/color]
[2010/11/21 05:24:08 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=517110BD83835338C037269E603DB55D -- C:\Windows\SysNative\taskhost.exe
[2010/11/21 05:24:08 | 000,069,120 | ---- | M] (Microsoft Corporation) MD5=517110BD83835338C037269E603DB55D -- C:\Windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.17514_none_8664adc870f5633a\taskhost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2011/09/29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/21 05:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/03/30 12:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2012/03/30 11:53:01 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 13:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2012/03/30 11:53:01 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/07/16 07:39:33 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[2011/07/16 07:39:33 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[2011/09/29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\SysNative\drivers\tdpipe.sys
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_399662915b82edbf\tdpipe.sys
[2009/07/14 02:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_3a510f6c747c8048\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2012/02/17 06:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=51C5ECEB1CDEE2468A1748BE550CFBC8 -- C:\Windows\SysNative\drivers\tdtcp.sys
[2012/02/17 06:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=51C5ECEB1CDEE2468A1748BE550CFBC8 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_399662915b82edbf\tdtcp.sys
[2012/02/17 06:47:38 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=7463523827B104317DE03A87C6D3EA1B -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_3a510f6c747c8048\tdtcp.sys
[2009/07/14 02:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- C:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\drivers\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\SysNative\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/14 02:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- C:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysNative\drivers\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\SysNative\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/14 02:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- C:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: VOLSNAP.SYS  >[/color]
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/21 05:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
 
[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >[/color]
[2012/05/18 21:32:34 | 000,013,916 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-05-18 (20-36-04).txt
[2012/05/18 21:57:08 | 000,002,594 | ---- | M] () -- C:\Users\Sabrinaa\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-05-18 (21-49-16).txt

< End of report >
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 
Haut

Re: Peur d'être hack ou contrôle de PC

Message le 18 Mai 2012 21:49

Bon, rien de très méchant...

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
PRC - C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe (Boxore OU)
SRV - (supdate) Software Update Service (supdate) -- C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe (Boxore OU.)
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111020 ... 59f9994fa5
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111020&babsrc=SP_ss&mntrId=9c12b5210000000000003859f9994fa5
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[2012/04/21 17:58:39 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/26 19:27:25 | 000,002,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2011/12/25 01:39:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
C:\Windows\tasks\SoftwareUpdateTaskMachineCore.job

:Files
C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe
C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe
C:\Users\Sabrinaa\AppData\Local\Babylon
C:\Users\Sabrinaa\AppData\Roaming\Babylon
C:\user.js
C:\Windows\SysWow64\avs.dll

:Commands
[emptytemp]


* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir
* Copie et colle le rapports dans ta réponse stp...
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 
Haut

Re: Peur d'être hack ou contrôle de PC

Message le 19 Mai 2012 15:07

Voilà, donc à la fin du scan j'ai du redémarrer mon PC et un rapport c'est affiché le voilà :

Code: Tout sélectionner
All processes killed
========== OTL ==========
No active process named Program Files was found!
Error: No service named supdate) Software Update Service (supdate was found to stop!
Service\Driver key supdate) Software Update Service (supdate not found.
File  C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe  not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Boxore\BoxoreClient\boxore.exe not found.
File\Folder C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe not found.
File\Folder C:\Users\Sabrinaa\AppData\Local\Babylon not found.
File\Folder C:\Users\Sabrinaa\AppData\Roaming\Babylon not found.
File\Folder C:\user.js not found.
File\Folder C:\Windows\SysWow64\avs.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rodmilla
->Temp folder emptied: 35699 bytes
->Temporary Internet Files folder emptied: 325094 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 261677283 bytes
->Flash cache emptied: 2471 bytes
 
User: Sabrina
 
User: Sabrinaa
->Temp folder emptied: 1692 bytes
->Temporary Internet Files folder emptied: 77511 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6848661 bytes
->Flash cache emptied: 343 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 257,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05192012_160240

Files\Folders moved on Reboot...
C:\Users\Sabrinaa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 
Haut

Re: Peur d'être hack ou contrôle de PC

Message le 19 Mai 2012 15:36

Salut, :D

C'est cool, ton pc n'est plus infecté..

En tout cas je te rassure, personne n'avais d'accès à distance sur ce PC :wink:

Relance OTL et cliques sur "Purge outils", laisse redémarrer ton PC et c'est tout bon

@++ :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 
Haut

Re: Peur d'être hack ou contrôle de PC

Message le 19 Mai 2012 16:16

Voilà c'est fait ! Me voilà rassuré !
En tout cas je te remercie énormément pour ton aide ! Bonne fin de journée à toi ! :D
HelpMePlease
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 18 Mai 2012 17:39
 
Haut
Précédente
Répondre

Sujets similaires

Message Contrôle J'tenique Moto !
J'angoisse car ma petite vieille a 24 ans et 106 000 KmsTu dois t'en occuper comme d'une vraie petite reine, alors ça va le faire ! Sinon, t'as pas le choix, c'est la suite logique du racket "Contrôle Technique Auto", épicétou.tous Dekra pules, les autres aussi d'ailleurs, bon sang mais ...
Réponses: 11

Message La suprématie Quantique doit elle faire peur?
Je veux un sabre laser!
Réponses: 3

Message [Réglé] Firmware+Contrôle des bus+Contrôleur PCI+Ecran bleu
Bonjour à vous, j'ai un grand soucis que je ne sais comment régler. Mon PC a 3 exclamations jaunes dans les périphériques.Firmeware + Contrôle des bus + Contrôleur PCI. Mon PC c'est HP 550-149 / Processeur Intel(R) Core(TM) i5-4690 CPU @ 3.50GHz, 3501 MHz, 4 c?ur(s), 4 processeur(s) logique(s). Je r ...
Réponses: 10

Message *Dossier* : prendre le contrôle à distance d'un ordinateur
L?équipe de PC-Infopratique vous propose un nouveau dossier traitant d?un sujet actuel : "comment prendre la main à distance sur un ordinateur nous appartenant, et pouvoir le contrôler, gratuitement et de manière sécurisée".Cliquez ici pour lire la suiteN'hésitez pas à nous faire part de v ...
Réponses: 24

Message petit controle
bonjour je trouve que mon pc rame un peuShortcut.txtFRST.txtAddition.txt
Réponses: 7

Message Contrôle sur nouvelles tour
Bonjour;J'aimerai faire un contrôle de mon pc car j'ai un doute sur certain logiciels.Je joins les fichiers texte demander.Merci d'avance de votre aide.Addition.txtFRST.txt
Réponses: 4

Message Contrôle virus
BonjourJe vous écris sur le conseil de Routman 54. J'ai cumulé divers problèmes avec mon Lenovo, Windows 8.1 (vous pouvez voir mon historique sur le site?, ce sera plus facile) Il m'a demandé de faire juste un contrôle dans la rubrique Virus et sécurité en préparant la demande comme expliqué.Pour ré ...
Réponses: 11

Haut

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 2 invités

Forum Informatique aide pour le matériel sous Windows, Linux, Logiciels et Jeux Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

.: Nous contacter :: Flux RSS :: Données personnelles :.