Gendarmerie virus, €100 ransom

Resolved/Closed
pilouv Posts 3 Registration date Monday 20 May 2013 Status Member Last activity 20 May 2013 - 20 May 2013 at 13:32
pilouv Posts 3 Registration date Monday 20 May 2013 Status Member Last activity 20 May 2013 - 20 May 2013 at 14:20
Hello everyone,

I'm calling on your help with the virus that has been locking my computer (running Windows 7) since yesterday afternoon.
It is the Gendarmerie virus that demands a €100 ransom, identical to the one narva32 fell victim to on 13 May. I actually took the liberty of starting on my own, like a big boy, to apply the procedure that Guillaume5188 gave him.
So I created an OTLPE CD in a Windows 7 environment, rebooted my PC from that CD and ran OTLPE with the parameters mentioned.

Here is the scan report, hoping I haven't skipped any steps, and thanking you in advance:

OTL logfile created on: 20/05/2013 13:00:51 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Program Files\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\windows | %ProgramFiles% = E:\Program Files
Drive C: | 100,00 Mb Total Space | 70,23 Mb Free Space | 70,23% Space Free | Partition Type: NTFS
Drive D: | 350,66 Gb Total Space | 245,21 Gb Free Space | 69,93% Space Free | Partition Type: NTFS
Drive E: | 100,00 Gb Total Space | 66,50 Gb Free Space | 66,50% Space Free | Partition Type: NTFS
Drive F: | 15,00 Gb Total Space | 5,32 Gb Free Space | 35,50% Space Free | Partition Type: NTFS
Drive G: | 327,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
Drive X: | 254,86 Mb Total Space | 252,43 Mb Free Space | 99,05% Space Free | Partition Type: NTFS

Computer Name: MININT-5FUGC45 | User Name: Système
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2013/05/14 20:53:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- E:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/08/13 18:01:56 | 000,660,576 | ---- | M] (Acronis) [Auto] -- E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/06/29 20:31:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/13 01:29:16 | 000,114,688 | ---- | M] () [Auto] -- E:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009/10/13 07:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/28 08:22:00 | 000,364,544 | ---- | M] (Marvell) [Auto] -- E:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/09/02 08:55:32 | 000,172,032 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/28 03:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto] -- E:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto] -- E:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2008/01/16 09:46:24 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto] -- E:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System] -- E:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System] -- E:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- E:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto] -- E:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- E:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System] -- E:\windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- E:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/12/10 22:19:32 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/16 09:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand] -- E:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 09:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System] -- E:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 09:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand] -- E:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/02 09:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand] -- E:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009/07/21 23:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- E:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Laurent_ON_E\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/webhp?gws_rd=ssl
IE - HKU\Laurent_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\Laurent_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Laurent_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local






FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: E:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: E:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: E:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: E:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: E:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: E:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\


O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - E:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Laurent_ON_E\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Laurent_ON_E\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - E:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [adm_tray.exe] E:\Program Files\Acronis\DriveMonitor\adm_tray.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] E:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Service Planificateur2 Acronis] E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] E:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Laurent_ON_E..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Laurent_ON_E..\Run: [Gadwin PrintScreen] E:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d'écran et lancement.lnk = File not found
O4 - Startup: E:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = File not found
O4 - Startup: E:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = File not found
O4 - Startup: E:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Laurent_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - E:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Laurent_ON_E Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Laurent_ON_E Winlogon: Shell - (C:\Users\Laurent\AppData\Roaming\AltShell.dat) - E:\Users\Laurent\AppData\Roaming\AltShell.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{19f624ee-e5d2-11de-acdf-00245415e88d}\Shell - "" = AutoRun
O33 - MountPoints2\{19f624ee-e5d2-11de-acdf-00245415e88d}\Shell\AutoRun\command - "" = P:\AUTO.EXE
O33 - MountPoints2\{19f62507-e5d2-11de-acdf-00245415e88d}\Shell - "" = AutoRun
O33 - MountPoints2\{19f62507-e5d2-11de-acdf-00245415e88d}\Shell\AutoRun\command - "" = R:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]BCSSync[/b] - hkey= - key= - E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]CanonMyPrinter[/b] - hkey= - key= - E:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: [b]CanonSolutionMenu[/b] - hkey= - key= - E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: [b]OfficeSyncProcess[/b] - hkey= - key= - E:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
MsConfig - StartUpReg: [b]PC Suite Tray[/b] - hkey= - key= - E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - E:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: [b]TkBellExe[/b] - hkey= - key= - E:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: [b]UCam_Menu[/b] - hkey= - key= - E:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: [b]WLSync[/b] - hkey= - key= - E:\Program Files\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - E:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - E:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - E:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - E:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - E:\windows\System32\iccvid.dll (Radius Inc.)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/05/20 06:29:58 | 000,000,000 | ---D | C] -- E:\_OTL
[2013/05/20 02:06:54 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/05/19 15:44:32 | 000,000,000 | ---D | C] -- E:\windows\Sun
[2013/05/15 21:20:22 | 002,706,432 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\mshtml.tlb
[2013/05/15 21:20:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\jscript.dll
[2013/05/15 21:20:20 | 002,877,440 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\jscript9.dll
[2013/05/15 21:20:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\ieui.dll
[2013/05/15 21:20:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\iesetup.dll
[2013/05/15 21:20:19 | 000,039,424 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\jsproxy.dll
[2013/05/15 21:20:18 | 000,493,056 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\msfeeds.dll
[2013/05/15 21:20:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\RegisterIEPKEYs.exe
[2013/05/15 21:20:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\ie4uinit.exe
[2013/05/15 21:20:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\iernonce.dll
[2013/05/15 21:20:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\iesysprep.dll
[2013/05/15 19:52:48 | 002,347,520 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\win32k.sys
[2013/05/15 19:52:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\wwanprotdim.dll
[2013/05/15 19:52:41 | 000,218,984 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\drivers\dxgmms1.sys
[2013/05/15 19:52:35 | 001,796,096 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\authui.dll
[2013/05/15 19:52:35 | 000,101,720 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\consent.exe
[2013/05/12 16:52:35 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\IGN Rando
[2013/05/12 16:51:58 | 000,192,272 | ---- | C] (Microsoft Corporation) -- E:\windows\System32\MCI32.OCX
[2013/05/12 16:51:57 | 000,000,000 | ---D | C] -- E:\Program Files\IGN Rando
[2013/05/05 20:46:12 | 000,000,000 | ---D | C] -- E:\Users\Laurent\AppData\Local\{3172129A-5AC5-4D7A-A5B3-E5F79DA49DC2}
[2013/05/04 16:28:55 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/23 21:17:55 | 000,000,000 | ---D | C] -- E:\Users\Laurent\AppData\Local\{46A36EAD-2544-4BFB-9D35-4050AB22DBCA}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/05/20 21:20:05 | 000,067,584 | --S- | M] () -- E:\windows\bootstat.dat
[2013/05/20 16:29:38 | 000,000,512 | ---- | M] () -- E:\Physical0MBR.bin
[2013/05/20 00:58:24 | 000,014,736 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 00:58:24 | 000,014,736 | -H-- | M] () -- E:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 00:51:32 | 000,001,002 | ---- | M] () -- E:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 22:03:56 | 000,000,004 | ---- | M] () -- E:\Users\Laurent\AppData\Roaming\AltShell.ini
[2013/05/19 22:02:32 | 2388,086,784 | -HS- | M] () -- E:\hiberfil.sys
[2013/05/18 16:13:55 | 000,802,776 | ---- | M] () -- E:\windows\System32\perfh00C.dat
[2013/05/18 16:13:55 | 000,701,988 | ---- | M] () -- E:\windows\System32\perfh009.dat
[2013/05/18 16:13:55 | 000,172,740 | ---- | M] () -- E:\windows\System32\perfc00C.dat
[2013/05/18 16:13:55 | 000,139,674 | ---- | M] () -- E:\windows\System32\perfc009.dat
[2013/05/15 21:24:19 | 000,414,144 | ---- | M] () -- E:\windows\System32\FNTCACHE.DAT
[2013/05/14 20:53:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- E:\windows\System32\FlashPlayerApp.exe
[2013/05/14 20:53:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- E:\windows\System32\FlashPlayerCPLApp.cpl
[2013/05/14 19:53:11 | 000,271,360 | ---- | M] () -- E:\Outlook.pst
[2013/05/12 16:52:35 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\IGN Rando
[2013/05/06 16:00:22 | 000,081,821 | ---- | M] () -- E:\windows\unins000.dat
[2013/05/06 15:57:44 | 001,169,609 | ---- | M] () -- E:\windows\unins000.exe
[2013/05/05 20:35:51 | 000,001,270 | ---- | M] () -- E:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d'écran et lancement.lnk
[2013/05/04 16:28:55 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/03 21:18:37 | 000,003,084 | ---- | M] () -- E:\windows\CARTESURTABLE.INI
[2013/05/02 01:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013/05/20 06:00:54 | 000,000,512 | ---- | C] () -- E:\Physical0MBR.bin
[2013/05/19 15:44:59 | 000,000,004 | ---- | C] () -- E:\Users\Laurent\AppData\Roaming\AltShell.ini
[2013/05/06 16:00:21 | 001,169,609 | ---- | C] () -- E:\windows\unins000.exe
[2013/05/06 16:00:21 | 000,081,821 | ---- | C] () -- E:\windows\unins000.dat
[2013/01/17 21:58:39 | 000,033,571 | ---- | C] () -- E:\Users\Laurent\AppData\Local\recently-used.xbel
[2012/09/06 19:56:32 | 000,000,105 | ---- | C] () -- E:\windows\Littre.ini
[2012/02/12 21:00:25 | 000,000,069 | ---- | C] () -- E:\windows\NeroDigital.ini
[2012/01/16 18:55:27 | 000,030,720 | ---- | C] () -- E:\Users\Laurent\AppData\Roaming\AltShell.dat
[2011/11/14 18:03:46 | 000,240,640 | ---- | C] () -- E:\windows\System32\nmocod.dll
[2011/11/14 18:03:14 | 000,045,056 | ---- | C] () -- E:\windows\System32\B3UNINST.DLL
[2011/11/14 18:03:14 | 000,036,864 | ---- | C] () -- E:\windows\System32\PDUNINST.DLL
[2011/11/14 17:54:14 | 000,035,328 | ---- | C] () -- E:\windows\System32\inetwh32.dll
[2011/11/14 17:54:14 | 000,009,136 | ---- | C] () -- E:\windows\System32\inetwh16.dll
[2011/11/14 17:51:18 | 000,000,499 | ---- | C] () -- E:\windows\BDE.INI
[2011/11/14 17:51:18 | 000,000,142 | ---- | C] () -- E:\windows\BCW5.INI
[2011/11/14 17:51:18 | 000,000,085 | ---- | C] () -- E:\windows\TDW.INI
[2011/11/14 17:51:16 | 000,185,344 | ---- | C] () -- E:\windows\System32\bocof.dll
[2011/11/14 17:51:16 | 000,159,744 | ---- | C] () -- E:\windows\System32\bw32000c.dll
[2011/11/14 17:51:16 | 000,159,744 | ---- | C] () -- E:\windows\System32\bw320007.dll
[2011/11/14 17:51:15 | 000,000,586 | ---- | C] () -- E:\windows\owl.ini
[2011/08/26 21:36:22 | 000,000,104 | ---- | C] () -- E:\windows\wininit.ini
[2011/06/30 21:00:16 | 000,000,128 | ---- | C] () -- E:\Users\Laurent\AppData\Roaming\default.rss
[2010/11/03 22:34:32 | 000,000,788 | ---- | C] () -- E:\windows\boxes.dat
[2010/10/26 21:53:30 | 000,000,850 | ---- | C] () -- E:\windows\Kyodai.ini
[2010/06/25 18:03:12 | 000,053,299 | ---- | C] () -- E:\windows\System32\pthreadVC.dll
[2010/03/07 21:59:42 | 000,618,496 | ---- | C] () -- E:\windows\System32\stlpmt45.dll
[2010/03/07 21:59:42 | 000,204,800 | ---- | C] () -- E:\windows\System32\LPNG.DLL
[2009/12/15 22:38:52 | 000,025,088 | ---- | C] () -- E:\Users\Laurent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 22:01:38 | 000,002,694 | ---- | C] () -- E:\windows\boxes.ini
[2009/12/11 21:54:15 | 000,049,664 | ---- | C] () -- E:\windows\kyoun.exe
[2009/12/11 19:01:51 | 000,000,150 | ---- | C] () -- E:\windows\System32\IC32.INI
[2009/12/11 19:01:50 | 000,251,392 | ---- | C] () -- E:\windows\System32\TX32.DLL
[2009/12/09 22:32:15 | 000,000,920 | ---- | C] () -- E:\windows\Borland Copy of WINHELP.INI
[2009/12/09 22:32:14 | 000,090,624 | ---- | C] () -- E:\windows\cg5rmv.exe
[2009/12/09 22:24:00 | 000,000,920 | ---- | C] () -- E:\windows\WINHELP.INI
[2009/12/09 22:22:05 | 000,091,136 | ---- | C] () -- E:\windows\BC5RMV.EXE
[2009/12/07 22:07:04 | 000,000,021 | ---- | C] () -- E:\windows\PS_setup.ini
[2009/12/06 18:00:31 | 000,003,084 | ---- | C] () -- E:\windows\CARTESURTABLE.INI
[2009/12/04 21:31:09 | 000,007,626 | ---- | C] () -- E:\Users\Laurent\AppData\Local\resmon.resmoncfg
[2009/12/03 17:16:52 | 000,000,002 | ---- | C] () -- E:\windows\HotFixList.ini
[2009/12/03 17:15:42 | 000,131,368 | ---- | C] () -- E:\ProgramData\FullRemove.exe
[2009/10/08 03:24:47 | 000,802,776 | ---- | C] () -- E:\windows\System32\perfh00C.dat
[2009/10/08 03:24:47 | 000,344,522 | ---- | C] () -- E:\windows\System32\perfi00C.dat
[2009/10/08 03:24:47 | 000,172,740 | ---- | C] () -- E:\windows\System32\perfc00C.dat
[2009/10/08 03:24:47 | 000,038,160 | ---- | C] () -- E:\windows\System32\perfd00C.dat
[2009/10/08 03:10:19 | 000,294,912 | ---- | C] () -- E:\windows\System32\ATIODE.exe
[2009/10/08 03:10:19 | 000,045,056 | ---- | C] () -- E:\windows\System32\ATIODCLI.exe
[2009/10/08 03:10:18 | 000,197,654 | ---- | C] () -- E:\windows\System32\atiicdxx.dat
[2009/10/08 02:48:12 | 000,000,000 | ---- | C] () -- E:\windows\ativpsrm.bin
[2009/10/07 11:15:09 | 000,307,200 | ---- | C] () -- E:\windows\SetDisplayResolution.exe
[2009/10/07 10:59:41 | 000,311,296 | ---- | C] () -- E:\windows\System32\Rezip.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- E:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,414,144 | ---- | C] () -- E:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,701,988 | ---- | C] () -- E:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- E:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,139,674 | ---- | C] () -- E:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- E:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- E:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- E:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- E:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- E:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- E:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- E:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- E:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- E:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- E:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- E:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/02/26 18:36:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
[2011/02/11 21:38:54 | 000,000,000 | ---D | M] -- E:\ProgramData\Alwil Software
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2009/12/31 21:50:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Arcade Lab
[2013/02/20 22:32:58 | 000,000,000 | ---D | M] -- E:\ProgramData\Canneverbe Limited
[2009/12/05 18:19:28 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonBJ
[2011/08/07 15:01:34 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJEGV
[2012/09/16 19:51:14 | 000,000,000 | -H-D | M] -- E:\ProgramData\CanonIJScan
[2010/12/31 19:50:02 | 000,000,000 | ---D | M] -- E:\ProgramData\Clarus
[2009/12/10 22:11:35 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2010/03/07 22:01:40 | 000,000,000 | ---D | M] -- E:\ProgramData\Généatique2010
[2012/08/24 20:51:13 | 000,000,000 | ---D | M] -- E:\ProgramData\Installations
[2010/11/26 20:12:14 | 000,000,000 | ---D | M] -- E:\ProgramData\NokiaInstallerCache
[2009/12/03 19:44:17 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2010/01/02 21:36:19 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Suite
[2009/10/07 11:16:06 | 000,000,000 | ---D | M] -- E:\ProgramData\SAMSUNG
[2009/12/26 17:35:00 | 000,000,000 | ---D | M] -- E:\ProgramData\Skyline
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2009/12/31 21:51:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2009/12/04 02:48:05 | 000,000,000 | ---D | M] -- E:\ProgramData\WinClon
[2011/10/09 20:52:26 | 000,000,000 | ---D | M] -- E:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 19:05:33 | 000,000,000 | ---D | M] -- E:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/05/09 12:29:38 | 000,032,496 | ---- | M] () -- E:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

< %SYSTEMDRIVE%\*.exe >



4 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 659
Edited by Malekal_morte- on 20/05/2013 at 13:39
Hi,

Run OTL again.
* Under Custom Scan (Personnalisation), copy and paste the contents of the box below (make sure to include :OTL at the start).
* Click Fix (Correction); a report will appear. Copy and paste its contents here:

:OTL
O20 - HKU\Laurent_ON_E Winlogon: Shell - (C:\Users\Laurent\AppData\Roaming\AltShell.dat) - E:\Users\Laurent\AppData\Roaming\AltShell.dat ()

* Restart the PC into Windows and post the report here

Restart into Windows and see what happens.

1
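The fix above removes a per-user Winlogon Shell value that points at AltShell.dat in the user's Roaming profile. As an added example (not part of the thread and not OTL's own code), this Python script finds such O20 Shell overrides in an OTL log and lists files with the same base name in the same folder. The regular expressions are assumptions inferred from the log lines quoted in this thread, and the function names are hypothetical.

```python
"""Triage helper for OTL logs: Winlogon Shell overrides and their companion files."""
import ntpath
import re

# Patterns inferred from the log lines in this thread (assumption, not an OTL spec).
# O20 - <hive> Winlogon: <value> - (<registry data>) - <file on disk> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) - (?P<file>.*?) \((?P<company>[^()]*)\)\s*$"
)
# [<date time> | <size> | <attrs> | C or M] (<company>) -- <path>
# Directory entries carry no "(<company>)" field, so it is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^()]*)\) )?-- (?P<path>.+)$"
)

# Lines copied from the log and fix script in this thread, plus one constructed
# "clean" HKLM line (the second one) for contrast.
SAMPLE_LOG = r"""
O20 - HKU\Laurent_ON_E Winlogon: Shell - (C:\Users\Laurent\AppData\Roaming\AltShell.dat) - E:\Users\Laurent\AppData\Roaming\AltShell.dat ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\windows\explorer.exe (Microsoft Corporation)
[2013/05/19 22:03:56 | 000,000,004 | ---- | M] () -- E:\Users\Laurent\AppData\Roaming\AltShell.ini
[2013/05/02 01:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- E:\windows\System32\MpSigStub.exe
[2013/05/20 06:00:54 | 000,000,512 | ---- | C] () -- E:\Physical0MBR.bin
[2013/05/19 15:44:59 | 000,000,004 | ---- | C] () -- E:\Users\Laurent\AppData\Roaming\AltShell.ini
[2012/01/16 18:55:27 | 000,030,720 | ---- | C] () -- E:\Users\Laurent\AppData\Roaming\AltShell.dat
[2011/02/26 18:36:47 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
"""


def shell_overrides(lines):
    """Return O20 Winlogon Shell entries whose target is not explorer.exe."""
    hits = []
    for line in lines:
        m = O20_RE.match(line.strip())
        if not m or m["value"].lower() != "shell":
            continue
        # Compare only the file name so a full path to explorer.exe also passes.
        if ntpath.basename(m["data"]).lower() != "explorer.exe":
            hits.append(m.groupdict())
    return hits


def companion_files(lines, shell_file):
    """Map file name -> [(C/M, timestamp, company)] for listing entries that sit in
    the same folder as shell_file and share its base name (e.g. a .dat/.ini pair)."""
    folder, name = ntpath.split(shell_file)
    stem = ntpath.splitext(name)[0].lower()
    found = {}
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        f_folder, f_name = ntpath.split(m["path"])
        same_folder = f_folder.lower() == folder.lower()
        same_stem = ntpath.splitext(f_name)[0].lower() == stem
        if same_folder and same_stem:
            entry = (m["kind"], m["stamp"], m["company"] or "")
            found.setdefault(f_name, []).append(entry)
    return found


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for hit in shell_overrides(log_lines):
        print(f"Shell override in {hit['hive']}: {hit['data']}")
        for fname, entries in sorted(companion_files(log_lines, hit["file"]).items()):
            for kind, stamp, company in entries:
                print(f"  {fname}: {kind} {stamp} company={company or '(none)'}")
```

The file-on-disk path (E:\ here) is used for correlation rather than the registry data (C:\), because OTLPE runs from a boot CD and the drive letters differ from those of the installed system.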
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 659
20 May 2013 at 14:00
If you have version 5 of Avast!, it is not up to date.
The latest version is 8: https://www.malekal.com/tutoriel-antivirus-avast/


Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.


Secure your PC!

Important - your infection came through an exploit on a website:

A website exploit lets your computer be infected automatically when you visit a website that has been hacked. It takes advantage of the fact that you have software (Java, Adobe Reader, etc.) that is not up to date and has vulnerabilities that allow code (malicious, in our case) to be executed without your knowledge.
Not having up-to-date software, which may contain vulnerabilities, therefore allows your system to be infected.
Example: Java exploit

You must therefore keep your software up to date so that these entry points into your system are not left open.
As long as this software is not up to date, your PC is vulnerable and infections can install themselves easily.

IMPORTANT: update your programs, in particular Java, Adobe Reader and Flash:
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
https://forum.malekal.com/viewtopic.php?t=15960&start=

Disable Java in your web browsers: https://www.commentcamarche.net/faq/35621-desactiver-java-sur-ses-navigateurs-web


Spread the word to your friends!

~~

Filter the most common PUPs/adware with HOSTS Anti-PUPs/Adwares: http://www.malekal.com/2012/01/10/hosts-anti-pupsadware/

~~

The rest on security: http://forum.malekal.com/comment-securiser-son-ordinateur.html


1
pilouv Posts 3 Registration date Monday 20 May 2013 Status Member Last activity 20 May 2013
20 May 2013 at 13:56
Great, I restarted the PC and I no longer see my photo on a gendarmerie document but my nice, clean desktop. Well done for your responsiveness and your efficiency.

Here is the fix report:

========== OTL ==========
Registry value HKEY_USERS\Laurent_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Laurent\AppData\Roaming\AltShell.dat deleted successfully.
E:\Users\Laurent\AppData\Roaming\AltShell.dat moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 05202013_134615
0
pilouv Posts 3 Registration date Monday 20 May 2013 Status Member Last activity 20 May 2013
20 May 2013 at 14:20
I will follow your recommendations.

Once again, thank you so much.
0