Petit problème d'espionnage

[titecharlooh]

Bonjour,

 

je viens demander votre aide concernant un petit souci d'informatique.

 

J'étais en couple avec un très très bon informaticien et j'ai quelques doutes quant à la sécurité de mon ordinateur.

Il se passe des choses étranges quand je suis sur un site tel que facebook et je sais qu'il était souvent au courant de mes faits et gestes sur internet alors qu'il ne devait pas l'être. Comment être sûre qu'il n'a pas accès à mon ordinateur, à ce que je fais et tout simplement à des informations qui ne le concernent plus maintenant? Je n'ai jamais cherché à améliorer mes capacités informatiques puisqu'il était là et je me rends compte à présent que c'est un défaut. J'aimerais donc m'améliorer tout en étant sûre de ma vie privé et sécurité.

 

Je vous remercie d'avance pour votre aide.

 

Charline.

[jeanmimigab]

Bonjour Charline et bienvenue sur Zébulon..

 

Il est peut être doué ton ex, mais ici ont se bat tous les jours contre plus fort que lui..

 

• 
  Dans un premier temps....
  
• On va vérifier que rien de suspect ne soit installé/dissimulé sur ton PC.
  

 

• 
  Ensuite tu devras faire cela...
  
• Créer une nouvelle adresse mail discrète( qui ne contient pas ton nom, pseudo, prénom etc...)
  
• Changer touts tes mots de passes (face book, MSN, boite mail etc...) et aussi remplacer dans ces compte là l'adresse mail ayant servit à l'activation des comptes par ta nouvelle adresse mail.
  

 

Pour voir si rien de suspect n'est présent sur ton PC, fais cela stp...

 

• télécharge Malwarebytes et installe le.
  
• Après avoir effectué la mise à jour, Choisis "exécuter un examen rapide", à la fin du scanne, coches tous les éléments trouvés,et clique sur supprimer la sélection.
  
• Poste moi le rapport stp.

 

ensuite...

 

* Télécharge >> OTL <<sur ton bureau.

 

* Fait un double-clic sur l'icône d'OTL pour le lancer

 

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

 

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

 

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

 

NetSvcs

%systemroot%\system32\drivers\*.sys /lockedfiles

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

tcpip.sys

Sfloppy.sys

Changer.sys

cdrom.sys

disk.sys

ndis.sys

usbscan.sys

usbprint.sys

tdtcp.sys

tdpipe.sys

swmidi.sys

splitter.sys

rdpwd.sys

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

RASACD.SYS

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

 

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).

* Copie et colle les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL

[titecharlooh]

Merci pour cette réponse. Effectivement, je ne me fais aucune inquiétude quant à votre force!!

 

Je suis désolée de répondre si tardivement mais voici le rapport de malwarebytes. J'espère qu'il sera concluant.

 

Pour ce qui est de ce que j'ai décelé sur facebook, c'est que suite à la recherche d'un seul profil qui est celui d'un homme que mon ex détestait, j'ai le surnom de cet homme suivi d'un point ! qui s'affiche dans l'adresse, même si je suis sur une autre page. C'est ça qui me semblait étrange. C'est peut-être pas grand chose mais c'est la seule chose que j'ai su déceler.

 

Je te remercie pour l'attention que tu portes à mon "cas".

 

Charline

 

 

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 5969

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

06/03/2011 00:22:21

mbam-log-2011-03-06 (00-21-52).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 150414

Temps écoulé: 5 minute(s), 8 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 8

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 4

Fichier(s) infecté(s): 6

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> No action taken.

HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> No action taken.

HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> No action taken.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790571B3765A5435A096 (Malware.Trace) -> Value: SRS_IT_E8790571B3765A5435A096 -> No action taken.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> No action taken.

 

Fichier(s) infecté(s):

c:\Users\Charline\AppData\Local\Temp\nsv759.tmp\Resource.dll (Adware.ClickPotato) -> No action taken.

c:\Users\Charline\AppData\Local\Temp\nsx45EB.tmp\Resource.dll (Adware.ClickPotato) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> No action taken.

c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> No action taken.

[titecharlooh]

voici le fichier texte OTL.

 

Merci encore.

 

 

 

 

OTL logfile created on: 06/03/2011 00:44:49 - Run 1

OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Charline\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,05 Gb Total Space | 12,65 Gb Free Space | 8,49% Space Free | Partition Type: NTFS

 

Computer Name: CHARLINE-PC | User Name: Charline | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Charline\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)

PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\zbgoegtnlwr.exe (Helper)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Charline\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)

SRV - (loxfvswbrqeida) -- C:\Windows\System32\zbgoegtnlwr.exe (Helper)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (TS_AR5416) -- C:\Windows\System32\drivers\ts_athw.sys (TamoSoft)

DRV - (avshws) -- C:\Windows\System32\drivers\youup.sys (Windows ® Codename Longhorn DDK provider)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Durable.com - Recherche

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Durable.com - Recherche

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Durable.com - Recherche

IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Recherche Durable

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Durable"

FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="'>http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.univ-tlse2.fr/"

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4

FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8

FF - prefs.js..extensions.enabledItems: cookieexporter@krk:1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="

 

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/22 20:25:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/29 20:19:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/29 20:19:06 | 000,000,000 | ---D | M]

 

[2009/09/02 11:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charline\AppData\Roaming\Mozilla\Extensions

[2011/03/05 22:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions

[2011/03/04 20:21:22 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/08/03 20:31:33 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}

[2010/10/11 09:40:26 | 000,000,000 | ---D | M] (Messenger Plus Live France Toolbar) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}

[2011/01/14 15:21:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009/09/02 13:47:23 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2011/01/14 22:28:45 | 000,000,000 | ---D | M] (Cookie Exporter) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\cookieexporter@krk

[2010/03/18 21:43:21 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\illimitux@illimitux.net

[2011/02/19 11:00:51 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\SQLiteManager@mrinalkant.blogspot.com

[2009/12/13 13:06:35 | 000,002,321 | ---- | M] () -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\searchplugins\durable.xml

[2011/03/06 00:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/18 23:59:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/12/27 17:59:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/23 19:22:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/03/13 19:30:40 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/03/13 19:30:40 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/03/13 19:30:40 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/03/13 19:30:40 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/03/23 23:21:12 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-143578939-2761823476-559813491-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKU\S-1-5-21-143578939-2761823476-559813491-1000\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [[webwiz]] File not found

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-143578939-2761823476-559813491-1000..\Run: [EA Core] File not found

O4 - HKU\S-1-5-21-143578939-2761823476-559813491-1000..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{22e38730-e2c4-11df-bb3e-001eec7c5122}\Shell\AutoRun\command - "" = wdsync.exe

O33 - MountPoints2\{46404091-434f-11e0-add4-001eec7c5122}\Shell\AutoRun\command - "" = E:\urDrive.exe

O33 - MountPoints2\{4e09b9bf-3445-11df-b191-001eec7c5122}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\strongkey-rc1.3-build-208.exe

O33 - MountPoints2\{4e09b9bf-3445-11df-b191-001eec7c5122}\Shell\default\command - "" = E:\strongkey-rc1.3-build-208.exe

O33 - MountPoints2\{5b363646-3d89-11e0-8d3e-001eec7c5122}\Shell\AutoRun\command - "" = F:\Toshiba\Launcher\start.exe

O33 - MountPoints2\{6c527ab9-dcd9-11de-94b1-001eec7c5122}\Shell - "" = AutoRun

O33 - MountPoints2\{6c527ab9-dcd9-11de-94b1-001eec7c5122}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{776370e1-9a43-11df-849b-001fe2cf0a56}\Shell\AutoRun\command - "" = E:\Toshiba\more4youa.exe

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Toshiba\more4youa.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/03/06 00:15:31 | 000,000,000 | ---D | C] -- C:\Users\Charline\AppData\Roaming\Malwarebytes

[2011/03/06 00:15:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/03/06 00:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/03/06 00:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/03/06 00:15:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/03/06 00:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/03/05 12:47:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

[2011/03/05 12:44:12 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2011/03/05 12:44:12 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2011/03/05 12:44:12 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2011/03/05 12:42:20 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll

[2011/03/05 12:42:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

[2011/03/05 12:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2011/03/05 12:38:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011/03/05 12:36:43 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/03/05 12:36:43 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/03/05 12:36:42 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/03/05 12:36:42 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/03/05 12:36:41 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/03/05 12:36:41 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/03/05 12:36:41 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/03/05 12:36:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/03/05 12:36:40 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/03/05 12:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2011/03/05 12:36:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/03/05 12:35:07 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/03/05 12:35:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2011/03/05 12:35:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/03/05 12:35:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll

[2011/03/05 12:35:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/03/05 12:34:53 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/03/05 12:34:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll

[2011/03/05 12:34:53 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx

[2011/03/05 12:34:53 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe

[2011/03/05 12:34:30 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll

[2011/03/05 12:34:30 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

[2011/03/05 12:34:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2011/03/05 12:18:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2011/03/05 12:18:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2011/03/05 12:18:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2011/03/05 12:18:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2011/03/05 12:18:47 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2011/02/27 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

[2011/02/27 11:22:43 | 000,000,000 | ---D | C] -- C:\Users\Charline\AppData\Local\Google

[2011/02/27 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2011/02/25 19:12:34 | 000,000,000 | ---D | C] -- C:\Users\Charline\Documents\Mes fichiers reçus

[2011/02/25 18:01:02 | 000,000,000 | ---D | C] -- C:\Users\Charline\Documents\Mes Historiques de Conversation

[2011/02/23 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/02/23 19:22:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/02/23 19:22:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/02/23 19:22:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/02/18 15:48:16 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll

[2010/02/20 14:21:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Charline\AppData\Roaming\pcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2011/03/06 00:31:42 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/03/06 00:31:42 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/03/06 00:25:04 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/03/06 00:25:04 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/03/06 00:24:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/03/06 00:24:38 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys

[2011/03/06 00:15:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/05 22:30:06 | 000,253,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/03/05 10:44:19 | 000,047,616 | ---- | M] () -- C:\Users\Charline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/01 22:38:57 | 000,116,437 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0010.png

[2011/03/01 22:38:56 | 000,115,366 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0009.png

[2011/03/01 22:38:55 | 000,115,568 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0008.png

[2011/03/01 22:38:55 | 000,115,450 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0007.png

[2011/03/01 22:38:54 | 000,117,238 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0006.png

[2011/03/01 22:38:53 | 000,116,913 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0005.png

[2011/03/01 22:38:52 | 000,116,699 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0003.png

[2011/03/01 22:38:52 | 000,115,629 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0004.png

[2011/03/01 22:38:50 | 000,115,823 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0002.png

[2011/03/01 22:38:47 | 000,116,863 | ---- | M] () -- C:\Users\Charline\Documents\joie et deception_0001.png

[2011/02/27 15:02:11 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job

[2011/02/27 11:23:47 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2011/02/13 22:46:04 | 000,000,329 | ---- | M] () -- C:\Users\Charline\Desktop\Outils de diagnostic d'imprimante HP.url

[2011/02/13 12:33:49 | 000,167,409 | ---- | M] () -- C:\Windows\hpoins30.dat

[2011/02/06 21:33:01 | 097,238,820 | ---- | M] () -- C:\Windows\MEMORY.DMP

 

========== Files Created - No Company Name ==========

 

[2011/03/06 00:15:15 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/01 22:38:57 | 000,116,437 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0010.png

[2011/03/01 22:38:56 | 000,115,366 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0009.png

[2011/03/01 22:38:55 | 000,115,568 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0008.png

[2011/03/01 22:38:54 | 000,117,238 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0006.png

[2011/03/01 22:38:54 | 000,115,450 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0007.png

[2011/03/01 22:38:53 | 000,116,913 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0005.png

[2011/03/01 22:38:52 | 000,115,629 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0004.png

[2011/03/01 22:38:51 | 000,116,699 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0003.png

[2011/03/01 22:38:50 | 000,115,823 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0002.png

[2011/03/01 22:38:47 | 000,116,863 | ---- | C] () -- C:\Users\Charline\Documents\joie et deception_0001.png

[2011/02/27 15:02:08 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job

[2011/02/27 11:23:47 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2011/02/13 22:46:04 | 000,000,329 | ---- | C] () -- C:\Users\Charline\Desktop\Outils de diagnostic d'imprimante HP.url

[2010/05/22 20:25:07 | 000,023,802 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010/05/22 20:18:21 | 000,078,339 | ---- | C] () -- C:\Windows\hpqins05.dat

[2010/05/06 18:23:53 | 000,167,409 | ---- | C] () -- C:\Windows\hpoins30.dat

[2010/02/20 14:24:01 | 000,001,041 | ---- | C] () -- C:\Users\Charline\AppData\Roaming\vso_ts_preview.xml

[2010/02/20 14:21:38 | 000,087,608 | ---- | C] () -- C:\Users\Charline\AppData\Roaming\inst.exe

[2010/02/20 14:21:38 | 000,007,887 | ---- | C] () -- C:\Users\Charline\AppData\Roaming\pcouffin.cat

[2010/02/20 14:21:38 | 000,001,144 | ---- | C] () -- C:\Users\Charline\AppData\Roaming\pcouffin.inf

[2010/02/08 12:35:44 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010/02/07 17:36:21 | 000,000,130 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/07 17:36:05 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2010/02/05 01:04:42 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2009/11/10 21:21:51 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/10/11 21:19:30 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2009/10/08 19:44:43 | 000,047,616 | ---- | C] () -- C:\Users\Charline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/02 11:15:18 | 000,001,356 | ---- | C] () -- C:\Users\Charline\AppData\Local\d3d9caps.dat

[2009/06/22 07:12:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\msarcioed.dll

[2008/12/20 19:10:39 | 000,009,851 | ---- | C] () -- C:\Windows\System32\mswrnioee.dll

[2008/12/05 03:52:59 | 000,000,547 | ---- | C] () -- C:\Windows\hpomdl30.dat

[2007/08/20 19:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll

[2007/08/20 19:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/08/20 19:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 13:47:37 | 000,253,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

 

========== LOP Check ==========

 

[2009/10/10 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\DeepBurner

[2011/02/17 11:58:42 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\DiskAid

[2009/11/23 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\El Conjugador

[2009/09/02 13:47:12 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Foxit

[2010/11/21 02:47:49 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\LolClient

[2010/02/07 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\ManyCam

[2010/10/21 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Megaupload

[2010/02/09 22:52:42 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\MonkeyJam

[2009/09/08 10:56:16 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\OpenOffice.org

[2010/07/30 21:28:02 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\PlayFirst

[2011/03/03 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Spotify

[2010/01/19 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\TeamViewer

[2010/12/13 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Total Immersion

[2010/03/05 09:24:01 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Vso

[2010/06/17 15:44:06 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Zylom

[2011/03/06 00:23:44 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %ALLUSERSPROFILE%\Application Data\*. >

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

 

< %APPDATA%\*. >

[2011/01/07 22:55:59 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Adobe

[2010/07/26 00:52:36 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Apple Computer

[2009/10/04 10:53:50 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\CyberLink

[2009/10/10 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\DeepBurner

[2011/02/17 11:58:42 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\DiskAid

[2011/02/19 13:09:43 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\dvdcss

[2009/11/23 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\El Conjugador

[2009/09/02 13:47:12 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Foxit

[2011/02/13 13:16:16 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\HP

[2011/02/13 13:17:21 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\HPAppData

[2011/02/20 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\HpUpdate

[2010/06/17 15:44:06 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Identities

[2009/09/02 11:57:17 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\InstallShield

[2010/11/21 02:47:49 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\LolClient

[2010/06/19 22:10:34 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Macromedia

[2011/03/06 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Malwarebytes

[2010/02/07 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\ManyCam

[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Media Center Programs

[2010/10/21 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Megaupload

[2010/07/28 18:51:52 | 000,000,000 | --SD | M] -- C:\Users\Charline\AppData\Roaming\Microsoft

[2010/02/09 22:52:42 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\MonkeyJam

[2009/09/02 11:52:14 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Mozilla

[2009/09/08 10:56:16 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\OpenOffice.org

[2010/07/30 21:28:02 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\PlayFirst

[2010/03/08 10:55:54 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Real

[2011/03/02 21:55:34 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Skype

[2011/03/02 16:08:22 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\skypePM

[2011/03/03 11:39:37 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Spotify

[2010/01/19 18:19:50 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\TeamViewer

[2010/12/13 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Total Immersion

[2011/03/04 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\vlc

[2010/03/05 09:24:01 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Vso

[2009/10/10 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\WinRAR

[2010/06/17 15:44:06 | 000,000,000 | ---D | M] -- C:\Users\Charline\AppData\Roaming\Zylom

 

< %APPDATA%\*.exe /s >

[2010/02/20 14:40:24 | 000,087,608 | ---- | M] () -- C:\Users\Charline\AppData\Roaming\inst.exe

[2011/01/07 22:53:13 | 012,674,968 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Charline\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe

[2009/10/04 14:48:36 | 000,010,134 | R--- | M] () -- C:\Users\Charline\AppData\Roaming\Microsoft\Installer\{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}\ARPPRODUCTICON.exe

[2009/10/04 14:48:37 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Charline\AppData\Roaming\Microsoft\Installer\{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}\NewShortcut31_491CED7A0F134BE6957A59DCA69E8271.exe

[2009/10/04 14:48:37 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Charline\AppData\Roaming\Microsoft\Installer\{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}\NewShortcut3_07FB580BF187437F9CBB930D0129A475.exe

[2011/02/13 22:45:59 | 000,010,134 | R--- | M] () -- C:\Users\Charline\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe

[2010/01/10 02:57:48 | 000,010,134 | R--- | M] () -- C:\Users\Charline\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[1998/10/28 16:50:38 | 000,269,824 | ---- | M] () -- C:\Users\Charline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL\Configuration 3D.exe

[1998/07/16 10:28:30 | 000,370,176 | ---- | M] () -- C:\Users\Charline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL\Désinstalleur Coktel.exe

[2011/03/06 00:28:48 | 000,188,152 | ---- | M] () -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\FlashGot.exe

[2007/12/30 05:01:18 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

[2007/12/30 05:01:18 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

[2010/03/28 21:50:42 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Charline\AppData\Roaming\Real\Update\setup3.10\setup.exe

 

< %SYSTEMDRIVE%\*.exe >

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008/01/18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 

< MD5 for: CDROM.SYS >

[2008/01/18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\drivers\cdrom.sys

[2008/01/18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys

[2008/01/18 21:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys

[2006/11/02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: DISK.SYS >

[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys

[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys

[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys

[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

 

< MD5 for: EXPLORER.EXE >

[2009/09/03 03:03:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2009/09/03 03:03:54 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe

[2009/09/03 03:03:54 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2009/09/03 03:03:54 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009/09/03 03:03:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008/01/18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 

< MD5 for: IASTORV.SYS >

[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008/01/18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NDIS.SYS >

[2006/11/02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys

[2008/01/18 23:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys

[2008/01/18 23:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2008/01/18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008/01/18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 

< MD5 for: RASACD.SYS >

[2008/01/18 21:56:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\System32\drivers\rasacd.sys

[2008/01/18 21:56:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys

[2006/11/02 09:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasacd.sys

 

< MD5 for: RDPWD.SYS >

[2006/11/02 10:02:15 | 000,160,256 | ---- | M] (Microsoft Corporation) MD5=8830E790A74A96605FABA74F9665BB3C -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6000.16386_none_493ec64bd8177786\rdpwd.sys

[2008/01/18 22:01:22 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=E1C18F4097A5ABCEC941DC4B2F99DB7E -- C:\Windows\System32\drivers\rdpwd.sys

[2008/01/18 22:01:22 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=E1C18F4097A5ABCEC941DC4B2F99DB7E -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.0.6001.18000_none_4b758847d502885a\rdpwd.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2008/01/18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

 

< MD5 for: SFLOPPY.SYS >

[2006/11/02 09:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys

[2006/11/02 09:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys

[2008/01/18 21:49:50 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys

[2008/01/18 21:49:50 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys

 

< MD5 for: TCPIP.SYS >

[2008/04/26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\SoftwareDistribution\Download\e96ddab89324864a3f629877ea55d924\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys

[2009/11/10 19:50:04 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys

[2009/11/10 19:50:01 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys

[2009/11/10 19:50:04 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys

[2009/09/03 02:59:40 | 000,806,400 | ---- | M] (Microsoft Corporation) MD5=52A8BD6294F7D1443C6184C67AE13AF4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4\tcpip.sys

[2009/09/03 02:59:41 | 000,803,328 | ---- | M] (Microsoft Corporation) MD5=5DF77458AA92FDB36FCE79C60F74AB5D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a\tcpip.sys

[2010/06/16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys

[2009/11/10 19:50:02 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys

[2010/06/16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys

[2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\System32\drivers\tcpip.sys

[2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys

[2008/04/26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\SoftwareDistribution\Download\e96ddab89324864a3f629877ea55d924\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys

[2009/11/10 19:50:01 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys

[2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys

[2006/11/02 09:58:38 | 000,802,816 | ---- | M] (Microsoft Corporation) MD5=D944522B048A5FEB7700B5170D3D9423 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16386_none_5f4ed3e0926e99e4\tcpip.sys

[2008/01/18 23:43:40 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys

[2009/11/10 19:50:02 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

 

< MD5 for: TDPIPE.SYS >

[2008/01/18 22:01:08 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\System32\drivers\tdpipe.sys

[2008/01/18 22:01:08 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=5DCF5E267BE67A1AE926F2DF77FBCC56 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdpipe.sys

[2006/11/02 10:02:01 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=964248AEF49C31FA6A93201A73FFAF50 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_d975757047cc3203\tdpipe.sys

 

< MD5 for: TDTCP.SYS >

[2008/01/18 22:01:10 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\System32\drivers\tdtcp.sys

[2008/01/18 22:01:10 | 000,029,184 | ---- | M] (Microsoft Corporation) MD5=389C63E32B3CEFED425B61ED92D3F021 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6001.18000_none_dbac376c44b742d7\tdtcp.sys

[2006/11/02 10:02:01 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=7D2C1AE1648A60FCE4AA0F7982E419D3 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.0.6000.16386_none_d975757047cc3203\tdtcp.sys

 

< MD5 for: USBPRINT.SYS >

[2006/11/02 10:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=B51E52ACF758BE00EF3A58EA452FE360 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_35521f61\usbprint.sys

[2008/01/18 22:14:42 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\drivers\usbprint.sys

[2008/01/18 22:14:42 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_29f90369\usbprint.sys

[2008/01/18 22:14:42 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=E75C4B5269091D15A2E7DC0B6D35F2F5 -- C:\Windows\winsxs\x86_usbprint.inf_31bf3856ad364e35_6.0.6001.18000_none_32f9c26ac169fb1e\usbprint.sys

 

< MD5 for: USBSCAN.SYS >

[2008/01/18 22:14:10 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys

[2008/01/18 22:14:10 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys

[2008/01/18 22:14:10 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys

[2006/11/02 10:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys

 

< MD5 for: USERINIT.EXE >

[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 

< MD5 for: WININIT.EXE >

[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe

[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2008/01/18 23:34:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2008/01/18 23:34:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2006/11/02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:8927A071

@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:3A6BC948

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

 

< End of report >

 

Modifié le 6 mars 2011 par titecharlooh

[titecharlooh]

et le fichier extra.

 

 

OTL Extras logfile created on: 06/03/2011 00:44:49 - Run 1

OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Charline\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,05 Gb Total Space | 12,65 Gb Free Space | 8,49% Space Free | Partition Type: NTFS

 

Computer Name: CHARLINE-PC | User Name: Charline | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{035C19AB-4D34-449E-9EB6-3DD04BCD5CDC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |

"{35FBEEDE-A617-45EF-802A-8F09E4EB8F74}" = lport=2869 | protocol=6 | dir=in | app=system |

"{85A8C01C-C873-4E49-B850-2AF1C11D277C}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |

"{99EDE754-EAA6-4A99-B2F1-9E2A95EA27F1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |

"{C3BB5C9A-7114-40B2-BB96-7F60191673F2}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |

"{CEF6095F-6C84-4B08-8E72-5809392D8219}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{085DBF65-E719-444D-B4BA-B0BABE828523}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{0AB90144-EE43-4B1B-83FD-418BC82E46B7}" = protocol=6 | dir=in | app=c:\program files\homeplayer\homeplayer.exe |

"{13CEF79E-5960-4EB8-AE1C-34ED34EAFA75}" = protocol=17 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |

"{146956CA-D490-4CDD-AE0B-03D0F1B3C575}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1E4BA4B6-F936-423B-8DCE-ABC7BA073751}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{2C2120D3-EB62-4545-9DBB-335270B8D298}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{2DFA5A59-521A-47E2-AB07-242FAFF5CABA}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{48837048-EA70-49F8-B365-3362138CAA54}" = protocol=6 | dir=in | app=c:\program files\homeplayer\vlc\vlc.exe |

"{557DA49D-41A2-4D62-B6FB-5859AF35469C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5662D2C0-B863-4154-81A6-2C53F82B2173}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{57040FE7-524A-4E38-A278-E245A3DE25B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5A930162-CF27-4D33-ACAE-4DFFBB387474}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{5E8D3CC3-0780-4FA0-9391-2A2FAC16D4EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |

"{642C40AD-803B-41C6-B552-C9B174F577B9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\youup\youup.exe |

"{6DA4C70A-38E9-4050-AEE8-B11B5E8D7BC4}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

"{6EDA2636-B2A6-4BFE-90D6-0E43395A055C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |

"{70DD54C4-7E04-433E-BE70-AEE740371E78}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{71130E65-78F9-4109-AF92-DA928EA295CD}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{786B0E97-A1A9-46D6-82BD-CA7E1203D821}" = protocol=6 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |

"{83652464-84A0-4093-9F7D-97DE4729AC5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{8A740673-FFFC-4511-893F-A1F3253CFFAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |

"{8D0ED5E6-5174-44DD-93BB-0CC72C42DE63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{9A81E969-D19B-4A7B-AA63-61EFEDE43B5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{9ADA5ECA-6266-4F7A-A6DE-6A729376B67C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{9C485193-B607-42E1-9582-388270BBE72E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{A52F6A89-E3A6-4ADB-9B0C-F9B938516695}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A70F1AA7-1F4C-43B8-ACFF-9E591C1A01FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{A8BD3496-9C65-47E1-A40C-3C6691FC898F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{ADD786D4-B178-442A-8DF8-12CAE0690ECE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{BF9F7C2F-4584-42B6-A8D2-8529A8793197}" = protocol=17 | dir=in | app=c:\program files\homeplayer\homeplayer.exe |

"{BFB96DE3-CBBE-4B90-83DF-547136A3F955}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |

"{BFBDD3BB-2CED-40F0-A6F2-C37F4946EE0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{CDEECA64-E19E-4F39-812B-8A6399CBB0AD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CF1731E0-B00F-4BB1-880B-379CAC7FE237}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{DB436A89-9053-4CCD-9067-C3A2BC4EDFE1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{DD54E7C8-23EA-4618-ADB6-16FF31527053}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |

"{E5F31D8B-4121-4428-A027-72BA8BA98282}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EA0B868A-C591-4B14-AA70-B9AA6A41E14D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\youup\youup.exe |

"{EFBB2A64-A284-4577-AE03-A2BD4B51FD49}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |

"{F463E85F-CBDC-412A-BD12-81586DBD1C9A}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

"{F7A69DBD-49D0-48D9-87D5-E749AD33F347}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |

"{FD7F81FB-D44D-4A97-9C9E-CB7C35496D4B}" = protocol=17 | dir=in | app=c:\program files\homeplayer\vlc\vlc.exe |

"TCP Query User{0BE36907-F100-48DD-9F98-1566CA7BD5F4}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"TCP Query User{23BB223F-859E-4167-A073-D642FA6C7228}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"TCP Query User{5381CC96-8008-46C2-85D5-B979884A8E18}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{77D8B7AC-6A91-4185-A653-6863C45A8586}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

"TCP Query User{94CA64A3-F1A1-46BC-A893-724C8AD6FAF6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |

"TCP Query User{AE8A916C-779B-4040-BA7B-D671D5030BC9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{C02FAF7F-BAB9-43E3-8166-D7062A74B466}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

"TCP Query User{CD785DDE-FEE0-4AEA-8F11-32BAEA3659EB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{F140F378-7EA5-4EBF-B4F9-062C16499870}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |

"TCP Query User{FBDBE592-3DE1-4BF7-9A8C-266B3FA35649}C:\program files\homeplayer\homeplayer.exe" = protocol=6 | dir=in | app=c:\program files\homeplayer\homeplayer.exe |

"UDP Query User{10D20591-0185-40D7-8C79-23DE0D953316}C:\program files\homeplayer\homeplayer.exe" = protocol=17 | dir=in | app=c:\program files\homeplayer\homeplayer.exe |

"UDP Query User{5382A6A7-F4FC-41C2-BC59-3163191AB597}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |

"UDP Query User{5E113CA1-6FA6-4E4E-8EDF-0C58636F4F7E}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

"UDP Query User{62E230A5-1AA0-4ABF-A98E-46C51A0A5F65}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{650F8438-9B16-4014-B0EF-F54D3D3C081B}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

"UDP Query User{7E28D882-A968-435E-ACFE-38C642A51B16}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"UDP Query User{A20AF0AC-AEBE-42A9-BA47-DA9CC59437E5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |

"UDP Query User{A2539F81-2264-4673-9556-0A3A60521239}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{E04FF520-9C9D-48FF-A44E-C010FC2081B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{FD94313E-2949-4D24-863E-280339A5498D}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 24

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager

"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module

"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{54A2CFDE-DC70-46E0-92AC-DC88F6303D39}" = Guitar Pro 4

"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6986B658-7FFA-4108-81D5-24C400AC302A}" = Mega Manager

"{69B040CC-E9B1-4769-950E-87786C9E16AD}" = OpenOffice.org 3.2

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}" = Ma-Config.com

"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver

"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français

"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Ask Toolbar_is1" = Foxit Toolbar

"avast5" = avast! Free Antivirus

"CDex" = CDex extraction audio

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CommView for WiFi" = CommView for WiFi

"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In

"Diner Dash - Flo Through Time 1.00" = Diner Dash - Flo Through Time 1.00

"DiskAid_is1" = DiskAid 4.06

"DivX Setup.divx.com" = Configuration DivX

"Enigma" = Enigma

"HDMI" = Intel® Graphics Media Accelerator Driver

"HomePlayer" = HomePlayer 1.5.9a

"Hometown Hero" = Hometown Hero

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 12.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MonkeyJam_is1" = MonkeyJam 3_050529

"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)

"Picasa 3" = Picasa 3

"RealPlayer 12.0" = RealPlayer

"SFR_Kit" = SFR - Kit de connexion

"SFR_Media Center" = SFR - Media Center

"Shop for HP Supplies" = Shop for HP Supplies

"Softonic_France Toolbar" = Softonic_France Toolbar

"Spotify" = Spotify

"VLC media player" = VLC media player 1.0.1

"WalterShop" = WalterShop

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Logiciel d'archivage WinRAR

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Diner Dash Flo on the Go" = Diner Dash Flo on the Go

"Wedding Dash 2® Deluxe" = Wedding Dash 2® Deluxe

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 08/01/2010 19:11:11 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

Error - 06/02/2010 11:31:27 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

Error - 02/05/2010 12:26:23 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

Error - 02/05/2010 12:26:24 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

Error - 02/05/2010 12:26:25 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

Error - 02/05/2010 12:26:26 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

Error - 02/05/2010 12:26:28 | Computer Name = Charline-PC | Source = avast! | ID = 33554522

Description =

 

[ Application Events ]

Error - 04/03/2011 18:44:54 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9313

 

Error - 04/03/2011 18:44:55 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04/03/2011 18:44:55 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 10312

 

Error - 04/03/2011 18:44:55 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 10312

 

Error - 04/03/2011 18:44:56 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04/03/2011 18:44:56 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11326

 

Error - 04/03/2011 18:44:56 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 11326

 

Error - 04/03/2011 18:44:57 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04/03/2011 18:44:57 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 12324

 

Error - 04/03/2011 18:44:57 | Computer Name = Charline-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 12324

 

[ System Events ]

Error - 26/02/2011 06:07:32 | Computer Name = Charline-PC | Source = Print | ID = 19

Description = The print spooler failed to share printer HP Photosmart C4500 series

with shared resource name HP Photosmart C4500 series. Error 2114. The printer cannot

be used by others on the network.

 

Error - 26/02/2011 06:07:32 | Computer Name = Charline-PC | Source = Print | ID = 19

Description = The print spooler failed to share printer HP Photosmart 470 Series

with shared resource name HP Photosmart 470 Series. Error 2114. The printer cannot

be used by others on the network.

 

Error - 26/02/2011 13:42:56 | Computer Name = Charline-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.35 for the Network Card with network

address 001FE2CF0A56 has been denied by the DHCP server 78.250.255.254 (The DHCP

Server sent a DHCPNACK message).

 

Error - 28/02/2011 11:28:03 | Computer Name = Charline-PC | Source = HTTP | ID = 15016

Description =

 

Error - 03/03/2011 02:44:05 | Computer Name = Charline-PC | Source = Service Control Manager | ID = 7011

Description =

 

Error - 03/03/2011 06:24:22 | Computer Name = Charline-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.35 for the Network Card with network

address 001FE2CF0A56 has been denied by the DHCP server 78.250.255.254 (The DHCP

Server sent a DHCPNACK message).

 

Error - 03/03/2011 06:25:13 | Computer Name = Charline-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 78.250.160.124 for the Network Card with network

address 001FE2CF0A56 has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 05/03/2011 17:27:49 | Computer Name = Charline-PC | Source = DCOM | ID = 10010

Description =

 

Error - 05/03/2011 17:30:24 | Computer Name = Charline-PC | Source = HTTP | ID = 15016

Description =

 

Error - 05/03/2011 19:25:08 | Computer Name = Charline-PC | Source = HTTP | ID = 15016

Description =

 

 

< End of report >

 

 

 

[jeanmimigab]

hello,

 

J'espère que tu as bien supprimer touts les objets infectieux trouvés par malwarebytes', si ce n'est pas le cas, refais un scanne et supprime tout ce qui sera détecté en fin de scanne.

 

Ton pc est bien infecter, mais rien à voir avec une infection installée par ton ex...

 

* Fais un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

 

:Files

C:\Windows\System32\zbgoegtnlwr.exe

C:\Program Files\Softonic_France

C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}

C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}

C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\cookieexporter@krk

C:\Program Files\AskBarDis

E:\strongkey-rc1.3-build-208.exe

C:\Users\Charline\AppData\Roaming\inst.exe

C:\Users\Charline\AppData\Roaming\pcouffin.cat

C:\Users\Charline\AppData\Roaming\pcouffin.inf

C:\Users\Charline\AppData\Roaming\pcouffin.sys

C:\ProgramData\ezsidmv.dat

C:\Windows\System32\msarcioed.dll

C:\Windows\System32\mswrnioee.dll

C:\Windows\System32\igfxCoIn_v1318.dll

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Ask Toolbar_is1"=-

"Softonic_France Toolbar"=-

"WalterShop"=-

 

 

:OTL

PRC - C:\Windows\System32\zbgoegtnlwr.exe (Helper)

SRV - (loxfvswbrqeida) -- C:\Windows\System32\zbgoegtnlwr.exe (Helper)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Durable.com - Recherche

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Durable.com - Recherche

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Durable.com - Recherche

IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Recherche Durable

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Durable.com - Recherche

IE - HKU\S-1-5-21-143578939-2761823476-559813491-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

FF - prefs.js..browser.search.defaultenginename: "Durable"

FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="'>http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="

FF - prefs.js..extensions.enabledItems: {59994074-c06d-4a75-9768-49e5a8c21264}:2.7.2.0

FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=" => ZHPHosts White List

[2010/08/03 20:31:33 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{364d4e0c-543f-4b85-abe3-19551139da4f}

[2010/10/11 09:40:26 | 000,000,000 | ---D | M] (Messenger Plus Live France Toolbar) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}

[2009/09/02 13:47:23 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2011/01/14 22:28:45 | 000,000,000 | ---D | M] (Cookie Exporter) -- C:\Users\Charline\AppData\Roaming\Mozilla\Firefox\Profiles\x362zn3c.default\extensions\cookieexporter@krk

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) => Infection BT (Adware.AskBarDis)

O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-143578939-2761823476-559813491-1000\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKU\S-1-5-21-143578939-2761823476-559813491-1000\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files\Softonic_France\tbSoft.dll (Conduit Ltd.)

O4 - HKLM\..\Run: [] File not found

O4 - HKLM\..\Run: [[webwiz]] File not found

O33 - MountPoints2\{4e09b9bf-3445-11df-b191-001eec7c5122}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\strongkey-rc1.3-build-208.exe

O33 - MountPoints2\{4e09b9bf-3445-11df-b191-001eec7c5122}\Shell\default\command - "" = E:\strongkey-rc1.3-build-208.exe

O33 - MountPoints2\{6c527ab9-dcd9-11de-94b1-001eec7c5122}\Shell - "" = AutoRun

[2010/02/20 14:21:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Charline\AppData\Roaming\pcouffin.sys

@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:8927A071

@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:3A6BC948

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

 

:Commands

[emptytemp]

[EMPTYFLASH]

 

• Déconnecte toi physiquement d'internet (le plus simple est de débrancher la prise téléphonique de ta box)
  
• Branche toute tes clefs USB, disques dures externes et tout autre support de stockage externe que tu as en ta possession au pc et sans les ouvrir (met les quand même sous tension et en position marche afin qu'OTL puisse y accèder
  

 

 

* Cliques sur l'icône"Correction" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport va s'ouvrir "OTL.Txt"

* Copie et colle le rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL

 

@++

[titecharlooh]

Bonjour, merci beaucoup pour cette aide.

 

J'ai donc fait ce que tu m'avais indiqué et voici le fichier d'OTL.

 

Merci encore

 

@++

 

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c527ab9-dcd9-11de-94b1-001eec7c5122}\ not found.

File C:\Users\Charline\AppData\Roaming\pcouffin.sys not found.

ADS C:\ProgramData\Temp:8927A071 deleted successfully.

ADS C:\ProgramData\Temp:3A6BC948 deleted successfully.

ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Charline

->Temp folder emptied: 1997858901 bytes

->Temporary Internet Files folder emptied: 75071720 bytes

->Java cache emptied: 72266370 bytes

->FireFox cache emptied: 124191855 bytes

->Flash cache emptied: 12817559 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 22503532 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 62976 bytes

 

Total Files Cleaned = 2 198,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Charline

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.22.2 log created on 03062011_134435

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

Si jamais ce n'est pas trop long à expliquer, pourrais tu me dire ce que c'était et ce qu'exactement tu as fait, que j'en prenne de la graine (si c'est possible )

[jeanmimigab]

hello,

 

Pas mal de composant de toolbarre infectieuse étaient sur ton PC.

Ils sont considérés comme infectieux car il enregistre tes habitudes de surf, modifie tes résultat de recherche etc....

Tu avais aussi un dropper actil à chaque démarrage de ton PC...et en ce moment ce qui traine sur leurs serveurs n'est pas cool

 

J'ai un petit doute sur un truc, fais cela stp...

 

Télécharge TDSSKiller (Kapersky Lab) sur ton bureau en allant sur cette page web

 

Dezzipe-le et fais un double-clic dessus pour l'exécuter et si une détection apparait après le scanne,suis les instructions et autorise le redémarrage du pc

Poste le rapport "C:\TDSSKiller_Quarantine\date_heure"

 

@++

[titecharlooh]

hello

 

je viens de faire le scan TDSSKiller mais il n'a rien trouvé. Il n'est peut-être pas nécessaire que je mette le rapport dans ce cas?

 

Merci pour l'explication même s'il y a de bien grands mots pour moi

[jeanmimigab]

re,

 

Si il n'a rien trouvé c'est OK...et bon signe.

 

Est-ce que tu as une boite Hotmail ?

 

Si oui, ont va la sécuriser...

Met toi sur "boite de réception"

En haut à droite, cliques sur "Options" >> "autres options..."

Ensuite cliques sur "Gestion de votre compte" >> "Détails du compte" >> change ton mot de passe

Ensuite vas dans "Informations de redéfinition du mot de passe" >> entres y ta nouvelle adresse mail que tu as créer comme je te l'ai demander ( ou bien entre y une adresse mail inconnu de ton "ex" ).

Changes aussi la "question/réponse" secrète servant à réinitialiser le mot de passe.

 

Puis...à nouveau

Cliques sur "Options" >> "autres options..."

Puis vas dans "Transfert du courrier" ( en dessous de "Gestion de votre compte" ) et vérifie que "Ne pas transférer" soit coché.

(à moins que tu ai toi même décidé un transfert de ces mail vers une autre boite mail.

 

Pour ta (tes) boite mail hébergée chez ton opérateur (free, SFR etc..) vérifie qu'aucune redirections des mails ne soit paramétrées dans les options (fouille un peu dans les options et tu y trouveras une option équivalente à "Transfert du courrier" avec un mon peut être différent ).

Si tu ne trouve pas, rapproche toi de ton opérateur pour savoir si une option comme celle-ci est active et comment faire pour la modifié si elle est activée car je ne peut pas trop t'aider pour ça(chaque opérateurs ayant des options différentes)

 

Pense à modifier aussi touts tes mode de passe et adresse mail dans tes différents comptes auxquels ton ex avait accès (facebook, twiter, banques etc...), ainsi si il fait une demande de mot de passe en se faisant passé pour toi, il ne recevra jamais le mot de passe.

 

Pour vérifier si tout est clean, peux-tu me refaire un scan OTL comme tu l'as fais la première fois stp...

 

@++