Gendarmerie virus

Closed
stram - 18 Feb. 2012 at 00:50
 Anonymous user - 19 Feb. 2012 at 09:56
Hello,

I am locked out of my computer (which runs Vista) because of the gendarmerie virus. I tried going through safe mode but that doesn't work. So I booted from the OTLPE live CD and ran a scan, copying the command lines written here:

http://forum.touslespodcasts.com/telecharger/securite/virus-gendarmerie-453088/messages-1.html

Here is the OTLPE report. What should I do to restore my system?


Thank you very much for your help

OTL logfile created on: 2/17/2012 6:43:26 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 316.02 Gb Total Space | 82.79 Gb Free Space | 26.20% Space Free | Partition Type: NTFS
Drive D: | 265.07 Gb Total Space | 162.58 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive E: | 3.82 Gb Total Space | 0.93 Gb Free Space | 24.35% Space Free | Partition Type: FAT32
Drive J: | 15.00 Gb Total Space | 9.57 Gb Free Space | 63.82% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/07/07 12:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 10:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/08/02 07:06:32 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/07 12:31:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/29 17:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/13 05:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/12/18 06:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 02:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 02:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [1999/05/28 03:43:28 | 000,085,504 | ---- | M] () [Auto] -- C:\Windows\System32\Wintab32.exe -- (wintab32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand] -- -- (lgusbsmodem)
DRV - File not found [Kernel | On_Demand] -- -- (lg3gunic) LGE KU580 USB Ethernet Emulation (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (lg3gobex)
DRV - File not found [Kernel | On_Demand] -- -- (lg3gmgmt) LGE KU580 USB WMC Device Management Drivers (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (lg3gmdm)
DRV - File not found [Kernel | On_Demand] -- -- (lg3gmdfl)
DRV - File not found [Kernel | On_Demand] -- -- (lg3gbus) LGE KU580 driver (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/09/14 05:37:03 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/17 07:29:33 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/07 07:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 07:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 07:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 07:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/02 07:05:41 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/19 07:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/09/29 01:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 01:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 01:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/06/30 02:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/03/30 06:24:50 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/03/30 06:24:50 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/01/13 07:39:40 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/01/20 21:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
DRV - [2006/12/05 04:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2000/01/19 12:21:12 | 000,032,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\Tablet.sys -- (tablet)
DRV - [1999/05/28 03:43:28 | 000,024,064 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\Wtclass.sys -- (WtClass)
DRV - [1999/05/28 03:43:28 | 000,013,120 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Windows\System32\drivers\Aipclass.sys -- (aipclass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\chmielpops_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/7
IE - HKU\chmielpops_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://actu.voila.fr/
IE - HKU\chmielpops_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\chmielpops_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\chmielpops_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/14 05:52:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2011/10/12 04:55:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\chmielpops_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [atwtusb] C:\Windows\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [InetAccelerator] C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [InetAccelerator.] C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tblmouse] C:\Windows\System32\TBLMOUSE.EXE (WALTOP International Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\chmielpops_ON_C..\Run: [1ta9pcql.exe] C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe (Orb Networks)
O4 - HKU\chmielpops_ON_C..\Run: [FileSystem] File not found
O4 - HKU\chmielpops_ON_C..\Run: [InetAccelerator] C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKU\chmielpops_ON_C..\Run: [LG LinkAir] C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\LinkAir.exe (Mobile Leader Co.,Ltd.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\chmielpops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics10\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\InetAccelerator\InetAccelerator.exe) - C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\InetAccelerator.exe) - C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O20 - HKU\chmielpops_ON_C Winlogon: Shell - (C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKU\chmielpops_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 05:43:21 | 000,335,872 | ---- | C] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/02/03 05:38:19 | 000,217,088 | ---- | C] (Orb Networks) -- C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe
[2012/02/03 05:38:19 | 000,000,000 | ---D | C] -- C:\Users\chmielpops\AppData\Roaming\InetAccelerator
[2012/02/03 05:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\InetAccelerator
[2012/01/26 11:10:19 | 000,000,000 | ---D | C] -- C:\Users\chmielpops\AppData\Roaming\Skype
[2012/01/26 11:10:05 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/26 11:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/26 11:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/01/26 11:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/03/18 12:36:08 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\chmielpops\AppData\Roaming\DataSafeDotNet.exe
[6 C:\Users\chmielpops\Documents\*.tmp files -> C:\Users\chmielpops\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/17 12:26:10 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 12:26:00 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AF6984B4-16E8-4EEF-A2A8-EFDF7AEA4793}.job
[2012/02/17 11:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 05:46:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 05:46:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 03:46:38 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 15:26:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/03 07:50:24 | 000,101,376 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/02/03 05:38:17 | 000,335,872 | ---- | M] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/02/03 05:38:16 | 000,217,088 | ---- | M] (Orb Networks) -- C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe
[2012/02/03 03:27:09 | 092,422,660 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/02 17:26:18 | 000,228,352 | ---- | M] () -- C:\Users\chmielpops\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 07:47:13 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/02/02 07:47:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/02 07:47:13 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/02/02 07:47:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 02:46:38 | 000,006,836 | ---- | M] () -- C:\Users\chmielpops\AppData\Local\d3d9caps.dat
[2012/01/26 11:10:05 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/26 11:10:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[6 C:\Users\chmielpops\Documents\*.tmp files -> C:\Users\chmielpops\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/17 03:46:38 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/26 11:10:05 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/15 09:24:20 | 000,000,008 | ---- | C] () -- C:\Users\chmielpops\AppData\Roaming\sbc7xc2syjewqq7c.dat
[2011/10/11 11:40:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/11 11:40:12 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/03/17 20:03:42 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010/02/24 18:24:02 | 000,009,276 | -HS- | C] () -- C:\Users\chmielpops\AppData\Local\Xi7h20PI0
[2010/01/27 06:52:08 | 000,006,836 | ---- | C] () -- C:\Users\chmielpops\AppData\Local\d3d9caps.dat
[2009/12/07 09:18:23 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ATWTUSB.EXE
[2009/12/07 09:18:23 | 000,097,952 | ---- | C] () -- C:\Windows\RmTablet.exe
[2009/12/07 08:16:19 | 000,085,504 | ---- | C] () -- C:\Windows\System32\Wintab32.exe
[2009/12/07 08:16:19 | 000,036,352 | ---- | C] () -- C:\Windows\System32\Instsrv.dll
[2009/12/07 08:16:19 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\Wtclass.sys
[2009/12/07 08:16:18 | 000,005,511 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/10/20 06:03:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/07/24 20:00:19 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/18 05:36:58 | 000,228,352 | ---- | C] () -- C:\Users\chmielpops\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/07 22:07:14 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/07 22:07:14 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/07 22:07:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/07 22:07:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/07 14:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/23 07:54:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/23 07:54:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:40:50 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/01/21 03:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/01/21 03:40:50 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/01/21 03:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,332,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/04/01 03:58:02 | 000,005,260 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2012/02/03 05:38:19 | 000,000,000 | ---D | M] -- C:\Users\chmielpops\AppData\Roaming\InetAccelerator
[2011/10/11 15:08:35 | 000,000,000 | ---D | M] -- C:\Users\chmielpops\AppData\Roaming\LG Electronics
[2009/12/01 15:45:20 | 000,000,000 | ---D | M] -- C:\Users\chmielpops\AppData\Roaming\Windows Live Writer
[2010/02/14 20:22:00 | 000,000,000 | ---D | M] -- C:\Users\chmielpops\AppData\Roaming\XnView
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/12/15 10:08:41 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2011/03/15 05:44:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/12/07 18:28:54 | 000,000,000 | ---D | M] -- C:\ProgramData\ConeXware
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/09/10 04:28:07 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2010/04/20 08:34:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Geonaute
[2012/02/03 05:38:19 | 000,000,000 | ---D | M] -- C:\ProgramData\InetAccelerator
[2011/10/11 11:40:43 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2009/07/07 12:37:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/07/07 12:37:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2009/07/07 12:37:10 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2011/12/14 06:53:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Tablet
[2009/07/07 12:31:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/09/27 07:41:51 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/02/03 03:22:30 | 000,032,502 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/17 12:26:00 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AF6984B4-16E8-4EEF-A2A8-EFDF7AEA4793}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 21:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/09/01 11:00:09 | 000,000,091 | ---- | M] () -- C:\CT350.LOG
[2003/07/17 03:22:30 | 000,554,205 | R--- | M] () -- C:\data1.cab
[2003/07/17 03:22:32 | 000,027,289 | R--- | M] () -- C:\data1.hdr
[2003/07/17 03:22:32 | 003,003,619 | R--- | M] () -- C:\data2.cab
[2009/07/07 22:07:22 | 000,004,868 | RH-- | M] () -- C:\dell.sdr
[2003/07/17 03:18:58 | 000,001,030 | R--- | M] () -- C:\dslgui.ini
[2012/02/17 03:46:38 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2001/09/04 21:24:02 | 000,344,923 | R--- | M] () -- C:\ikernel.ex_
[2009/12/07 08:16:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/07/17 03:22:32 | 000,000,474 | R--- | M] () -- C:\layout.bin
[2009/12/07 08:16:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/27 17:35:09 | 000,230,432 | ---- | M] () -- C:\PA207.DAT
[2012/02/17 03:46:37 | 3533,131,776 | -HS- | M] () -- C:\pagefile.sys
[2001/09/04 21:23:24 | 000,056,320 | R--- | M] (InstallShield Software Corporation) -- C:\Setup.exe
[2003/07/18 12:34:40 | 000,013,792 | R--- | M] () -- C:\Setup.ini
[2003/07/17 03:19:58 | 000,146,574 | R--- | M] () -- C:\Setup.inx
[2003/04/25 03:06:28 | 000,000,263 | R--- | M] () -- C:\setup.iss
[2011/10/11 17:25:09 | 000,000,000 | ---- | M] () -- C:\Tech_Vista.log
[2003/02/11 04:23:54 | 000,135,168 | R--- | M] (Analog Devices.) -- C:\unaddrv.exe

< %SYSTEMDRIVE%\*.exe >
[2001/09/04 21:23:24 | 000,056,320 | R--- | M] (InstallShield Software Corporation) -- C:\Setup.exe
[2003/02/11 04:23:54 | 000,135,168 | R--- | M] (Analog Devices.) -- C:\unaddrv.exe

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %PROGRAMFILES%\*. >
[2009/07/22 15:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/09/08 11:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\Alcatel
[2009/07/07 12:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/11/03 04:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/07/07 12:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/01/26 11:10:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/12/07 08:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Company
[2009/07/07 12:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2010/03/18 16:52:31 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2009/07/07 12:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2009/07/07 12:37:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/02/07 00:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\DVD PixPlay
[2010/09/27 05:26:02 | 000,000,000 | ---D | M] -- C:\Program Files\eMule10
[2009/07/18 05:05:00 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2009/09/24 11:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Geonaute KeyMaze 300
[2010/04/21 14:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Geonaute Software
[2010/02/06 23:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\GlobFX Technologies
[2011/11/22 03:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/10/11 15:34:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/07/07 12:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/17 20:29:36 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/07/07 12:25:13 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/10/11 16:32:42 | 000,000,000 | ---D | M] -- C:\Program Files\KU580
[2011/10/12 05:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2011/10/12 05:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics10
[2009/09/28 19:15:26 | 000,000,000 | ---D | M] -- C:\Program Files\LG mobile
[2011/10/11 12:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\LG PC Suite 2
[2011/12/17 16:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/19 20:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/10/05 04:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/24 15:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/10/12 20:22:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/07 12:39:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/07 12:40:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/12/15 21:09:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/26 13:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 02:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/10/11 19:07:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/02/07 00:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2010/08/31 11:14:54 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2009/10/20 06:04:15 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2009/10/20 06:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\pdfforge Toolbar
[2009/12/07 18:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\PowerArchiver
[2009/09/24 11:12:30 | 000,000,000 | ---D | M] -- C:\Program Files\Prolific
[2010/12/14 05:52:14 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/07 14:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/07 12:31:53 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/02/07 08:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\RSlideShow
[2012/01/26 11:10:05 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/01/29 23:26:48 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/03 17:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/01/20 21:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/20 21:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/20 21:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/20 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/08/19 20:34:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/07 12:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/06/17 20:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 12:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/10 14:35:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile Device Handbook
[2009/07/18 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/20 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/20 21:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/10/28 15:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/02/05 21:08:33 | 000,000,000 | ---D | M] -- C:\Program Files\XnView



9 replies

Anonymous user
18 Feb 2012 at 00:51
Good evening

Your report is incomplete.

To send the report, click on this link:


http://pjjoint.malekal.com/

https://www.cjoint.com/

Click Browse and locate the file: Full_file_name (requested file)
Click Open.

Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

See you later
0
I followed what you told me and I got this link:

http://pjjoint.malekal.com/files.php?id=20120218_e15h14h9i6b11
0
Anonymous user
18 Feb 2012 at 01:13
Hi again

* Double-click the OTLPE icon
* when asked "Do you wish to load the remote registry", select "Yes"
* when asked "Do you wish to load remote user profile(s) for scanning", select "Yes"
* check that "Automatically Load All Remaining Users" is selected and press OK


http://imagesup.org/image

* in the Custom Scan box, copy and paste everything below and click RUNFIX

:OTL
IE - HKU\chmielpops_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\chmielpops_ON_C..\Run: [1ta9pcql.exe] C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe (Orb Networks)
O4 - HKU\chmielpops_ON_C..\Run: [InetAccelerator] C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKU\chmielpops_ON_C Winlogon: Shell - (C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
[2012/02/03 05:38:19 | 000,217,088 | ---- | C] (Orb Networks) -- C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe
[2012/02/03 05:38:16 | 000,217,088 | ---- | M] (Orb Networks) -- C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe
[2009/10/20 06:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\pdfforge Toolbar


:files
C:\Windows\explorer.exe | C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe /replace



Keep the report that is displayed, and copy and paste it into your next reply.


See you later
0
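Added example (not part of the thread, and not the helper's or OTL's own code): a Python triage of the autostart lines that the fix script above targets, flagging Run entries and Winlogon Shell values whose target sits inside a user's AppData. The line formats are inferred from the lines quoted in this thread; the `ExampleUpdater` entry is constructed, and all function names are this example's own.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the fix script in the post above, plus one constructed
# benign entry (marked) so the triage has something to leave alone.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)",
    r"O4 - HKU\chmielpops_ON_C..\Run: [1ta9pcql.exe] C:\Users\chmielpops\AppData\Roaming\1ta9pcql.exe (Orb Networks)",
    r"O4 - HKU\chmielpops_ON_C..\Run: [InetAccelerator] C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)",
    r"O20 - HKU\chmielpops_ON_C Winlogon: Shell - (C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\chmielpops\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)",
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)",  # constructed
]


class Autostart(NamedTuple):
    kind: str    # "Run" or "Winlogon Shell"
    hive: str    # e.g. "HKLM" or "HKU\<profile>_ON_C" (offline-loaded hive)
    name: str    # registry value name
    path: str    # executable the value points at
    vendor: str  # company name as reported in the log (may be empty)


class Finding(NamedTuple):
    entry: Autostart
    reasons: List[str]


# Assumed formats, inferred from the lines quoted in this thread.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?$"
)
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>.+?)\) - "
    r"(?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?$"
)
# Anything under a profile's AppData can be written without admin rights.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Autostart]:
    """Return an Autostart for an O4 Run or O20 Winlogon Shell line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Autostart("Run", m["hive"], m["name"], m["path"], m["vendor"] or "")
    m = SHELL_RE.match(line)
    if m:
        return Autostart("Winlogon Shell", m["hive"], "Shell", m["path"], m["vendor"] or "")
    return None


def assess(entry: Autostart) -> List[str]:
    """List the reasons an autostart entry deserves a closer look."""
    reasons = []
    if USER_WRITABLE_RE.search(entry.path):
        reasons.append("target is inside a user profile's AppData")
    if entry.kind == "Winlogon Shell":
        # The default Windows shell is explorer.exe.
        if ntpath.basename(entry.path).lower() != "explorer.exe":
            reasons.append("Winlogon Shell does not point at explorer.exe")
        if entry.hive.upper().startswith("HKU"):
            reasons.append("Shell is set in a per-user hive")
    return reasons


def triage(lines) -> List[Finding]:
    """Parse log lines and keep only the entries with at least one reason."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        e = finding.entry
        print(f"[{e.kind}] {e.hive} :: {e.name} -> {e.path} ({e.vendor})")
        for reason in finding.reasons:
            print(f"    - {reason}")
```

The toolbar entry under `C:\Program Files` is not flagged by these rules; the helper lists it for removal for a different reason than location.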
Ouch, there's a small problem:
I did what you told me and clicked Run Fix. At the end, it asks me whether I want to restart my computer. It doesn't show me a report. I say yes and my computer doesn't shut down. I tried to shut it down from the Start menu, but that doesn't work either.
Anyway, I thought I would still be able to get to my browser. But whether in safe mode or in "normal" mode, I still get the virus window displayed at startup.
What do I do?
0

Anonymous user
18 Feb 2012 at 13:51
Hello

Repeat the procedure with OTLPE, but with the RUNFIX script

See you later
0
Meaning? I redo the operation with Run Fix?
Actually, while looking around, I found a report from after that operation. And I thought I saw that the explorer file could not be replaced because I had not rebooted the system.
But I can't manage to shut it down. I had to pull the plug on my PC to restart it.
0
Anonymous user
18 Feb. 2012 at 14:10
Do the best you can
0
I'm going to redo a scan with the command lines you posted in another thread for an equivalent problem;
maybe the problem comes from there and I forgot a command line.
0
Anonymous user
18 Feb. 2012 at 14:18
There's nothing to forget; you just copy and paste.
0
Yes, but my scan command lines, I copied and pasted them from here:
http://forum.touslespodcasts.com/telecharger/securite/virus-gendarmerie-453088/messages-1.html
and they are different (I don't know whether that matters or not) from the ones you give here:
http://www.commentcamarche.net/forum/affich-24479334-virus-violation-de-la-loi-francaise

But I think my main problem is not being able to shut down my computer properly with the live CD. It must not be replacing my explorer file when I shut it down like a barbarian. Isn't there a program on OTLPE to force the shutdown or get the restart?
0
I think there's a problem in the fix you gave me, because I can shut down my computer perfectly well with OTLPE before doing the Run Fix operation.
After copying and pasting your fix lines, I can no longer do it.
I redid the scan with the command lines you gave in another thread on the forum. Here is the result... what should I change?
Thanks for your help

http://pjjoint.malekal.com/files.php?id=20120218_h5g9f14s12k14
0
help please !!
0
Anonymous user
18 Feb. 2012 at 20:18
Good evening

Register and then we'll see.
0
Actually, this follows on from the previous messages. I could no longer log in under my original username: stram.
I've understood that I can't restart my computer properly as soon as I use OTLPE on the OTLPE live CD, whether after a scan or after running Run Fix.
Would you have any suggestions? Couldn't it come from the fix you gave me?
Thanks in any case for your patience and your help
0
Anonymous user
19 Feb. 2012 at 09:56
Hello

We are going to replace explorer.exe only.


* Double-click the OTLPE icon
* When asked "Do you wish to load the remote registry", select "Yes"
* When asked "Do you wish to load remote user profile(s) for scanning", select "Yes"
* Check that "Automatically Load All Remaining Users" is selected and press OK


http://imagesup.org/image

* In the Custom Scan box, copy and paste everything below and click RUNFIX


:files
C:\Windows\explorer.exe | C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe /replace



Keep the report that is displayed, and copy and paste it into your next reply.
0