Posted

Hello lance_yien,

Thanks again for looking into my case.

The problem persists, yes, but I also have some additional information to provide.

I noticed this morning that the memory usage spike builds up gradually. There is a lag of a few seconds (about 5 to 10) before it moves from one level to the next; it isn't abrupt, it doesn't jump from 19% to 95% all at once. (The refresh interval in Task Manager is 1 second, so that isn't what causes the lag.)

Another thing: it seems to me that the problem only appears when Explorer is in use. For example, when opening a window or when a program brings one up.

Posted

According to your report, memory is only 33% used under normal conditions:

"4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free"

--

Some services seem to be out of date, so we are going to remove some of them, but first a restore point must be created, just in case:

Right-click "Computer" => "Properties" => "System Protection". Click the name of the system partition (usually C:), then "Create". In the new window, give this restore point a name and click "Create". Wait for it to finish and click "OK" to close the window.

--

Click "Start" => "Run". Type Notepad and click "OK".

Copy and paste these lines:

 

FCopy::

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\SysWOW64\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe | c:\windows\explorer.exe

 

Driver::

USBAAPL64

VBoxNetAdp

VBoxNetFlt

WatAdminSvc

sptd;sptd

mv91xx

ehdrv

cpuz133

eamonm

epfwwfp

vmci

amdiox64

amdkmdag

amdkmdap

androidusb

nusb3hub

nusb3xhc

P0620VID

RTL8167

RzSynapse

zghsmdm

 

Click "File" => "Save". In "File name", type or paste CFScript.txt, click Desktop on the left, then "Save" at the bottom right.

Close everything and disable antivirus, firewall and antispyware to prevent them from interfering with ComboFix.

Drag the CFScript.txt file and drop it onto ComboFix.exe

This launches ComboFix.

At the end, if the PC does not restart automatically, RESTART IT YOURSELF.

Check that everything works and post the ComboFix report
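An added example (not part of the thread, and not ComboFix's own code): a pre-flight review of a CFScript `Driver::` list against the service table of a ComboFix log, so that boot-, system- and automatic-start entries are visible before the script is run. The sample lines are copied from this page except the constructed `NotInLog` entry; reading `R`/`S` as running/stopped, the digit as the start type and `[x]` as "file not found" is an assumption about the log format.

```python
import re

# Assumed meaning of the digit after R/S in the service table.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# "<R|S><0-4> <name>;<display name>;<image path> [<x> or <date size>]"
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)

# Service-table lines copied from the ComboFix log on this page.
SAMPLE_LOG = r"""
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
"""

# Excerpt of the first CFScript on this page; "NotInLog" is a constructed entry.
SAMPLE_SCRIPT = r"""
FCopy::
c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe | c:\windows\explorer.exe

Driver::
USBAAPL64
sptd;sptd
mv91xx
ehdrv
vmci
amdkmdag
RTL8167
RzSynapse
NotInLog
"""


def parse_services(log_text):
    """Return {lowercased service name: details} for every service-table line."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if not m:
            continue  # not a service-table line
        services[m["name"].lower()] = {
            "name": m["name"],
            "running": m["state"] == "R",
            "start": int(m["start"]),
            "path": m["path"],
            "file_found": m["info"] != "x",
        }
    return services


def parse_cfscript(script_text):
    """Split a CFScript into {section name: [entries]}; headers end with '::'."""
    sections, current = {}, None
    for line in script_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif current is not None:
            current.append(line)
    return sections


def review_driver_targets(script_text, log_text):
    """One row per Driver:: entry, annotated with what the log says about it."""
    services = parse_services(log_text)
    report = []
    for entry in parse_cfscript(script_text).get("Driver", []):
        # The page's script contains "sptd;sptd"; only the part before ';'
        # is compared here. Service names are matched case-insensitively.
        name = entry.split(";", 1)[0].strip()
        svc = services.get(name.lower())
        report.append({
            "name": name,
            "in_log": svc is not None,
            "start": START_TYPES[svc["start"]] if svc else None,
            "running": svc["running"] if svc else None,
            "file_found": svc["file_found"] if svc else None,
            # Boot/system/automatic entries load without user action.
            "early_start": bool(svc) and svc["start"] <= 2,
        })
    return report


if __name__ == "__main__":
    for row in review_driver_targets(SAMPLE_SCRIPT, SAMPLE_LOG):
        flag = "REVIEW" if row["early_start"] or not row["in_log"] else "ok"
        print(f'{flag:6} {row["name"]:12} start={row["start"]} '
              f'running={row["running"]} file_found={row["file_found"]}')
```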

Posted

Everything goes fine until Windows restarts.

The system then reboots in 640x480 mode with a bunch of errors such as: swreg.cfxxe did not start correctly, with the mouse not working, and the same for the internet.

I left it as it was until the ComboFix window closed by itself. I waited a few minutes and then restarted manually.

I was still in 640x480 with the errors and the mouse not working, so I restored the system.

Posted

You did the right thing by restoring :super:

Delete your CFScript.txt file and redo the procedure with just this:

FCopy::

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\system32\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll | c:\windows\SysWOW64\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe | c:\windows\explorer.exe

 

Post the report and tell me if there is any change at all.

Posted (edited)

Hello,

I launched ComboFix by dragging the text file onto it; it did what it had to do without restarting automatically, so I then restarted manually.

When logging in to my account, there were two windows telling me that programs had not been able to start: FScapture.exe and another whose name I have forgotten.

There were also a few "bugs", such as being unable to display the system properties by right-clicking Computer, etc.

So I ran a system restore again.

In any case, since yesterday after the restore, I have not noticed any spike in memory usage.

On the other hand, even though I think it is unrelated, I noticed a drop in my internet throughput after using ComboFix.

My line's capacity being about 650 KB/s, it dropped to ~510 KB/s. Likewise, downloads from deviantart are around 30 KB/s, whereas a few minutes earlier they were close to the line's maximum capacity.

Here is the log anyway.

 

ComboFix 11-04-30.06 - Edward 03/05/2011 12:07:16.2.4 - x64

Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.4094.2969 [GMT 2:00]

Lancé depuis: c:\users\Edward\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Edward\Desktop\CFScript.txt

AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: Pare-feu personnel d'ESET *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\macromed\Flash\Flash10k.ocx

c:\windows\system32\macromed\Flash\Flash10l.ocx

c:\windows\system32\macromed\Flash\FlashInstall.log

c:\windows\system32\macromed\Flash\flashplayer.xpt

c:\windows\system32\macromed\Flash\FlashPlayerTrust\AdobeXMPFileInfoCS5.cfg

c:\windows\system32\macromed\Flash\FlashUtil10l_ActiveX.dll

c:\windows\system32\macromed\Flash\FlashUtil10l_ActiveX.exe

c:\windows\system32\macromed\Flash\FlashUtil10p_Plugin.exe

c:\windows\system32\macromed\Flash\NPSWF32.dll

.

---- Exécution préalable -------

.

c:\windows\system32\macromed\Flash\Flash10k.ocx

c:\windows\system32\macromed\Flash\Flash10l.ocx

c:\windows\system32\macromed\Flash\FlashInstall.log

c:\windows\system32\macromed\Flash\flashplayer.xpt

c:\windows\system32\macromed\Flash\FlashPlayerTrust\AdobeXMPFileInfoCS5.cfg

c:\windows\system32\macromed\Flash\FlashUtil10l_ActiveX.dll

c:\windows\system32\macromed\Flash\FlashUtil10l_ActiveX.exe

c:\windows\system32\macromed\Flash\FlashUtil10p_Plugin.exe

c:\windows\system32\macromed\Flash\NPSWF32.dll

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\system32\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --> c:\windows\SysWOW64\user32.dll

c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe --> c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_AMDKMDAG

-------\Legacy_CPUZ133

-------\Legacy_EAMONM

-------\Legacy_EHDRV

-------\Legacy_EPFWWFP

-------\Legacy_MV91XX

-------\Legacy_VMCI

-------\Service_amdiox64

-------\Service_amdkmdag

-------\Service_amdkmdap

-------\Service_androidusb

-------\Service_cpuz133

-------\Service_eamonm

-------\Service_ehdrv

-------\Service_epfwwfp

-------\Service_mv91xx

-------\Service_nusb3hub

-------\Service_nusb3xhc

-------\Service_P0620VID

-------\Service_RTL8167

-------\Service_RzSynapse

-------\Service_USBAAPL64

-------\Service_VBoxNetAdp

-------\Service_VBoxNetFlt

-------\Service_vmci

-------\Service_WatAdminSvc

-------\Service_zghsmdm

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-04-03 au 2011-05-03 ))))))))))))))))))))))))))))))))))))

.

.

2011-05-03 10:10 . 2011-05-03 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-03 08:05 . 2011-05-03 08:05 -------- d-----w- c:\program files (x86)\Winstep

2011-05-03 08:05 . 2008-02-05 12:36 798208 ----a-w- c:\windows\SysWow64\NextControls.ocx

2011-05-03 08:05 . 2000-05-22 14:58 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx

2011-05-03 08:05 . 1997-07-19 13:55 1347344 ----a-w- c:\windows\SysWow64\msvbvm50.dll

2011-05-03 07:18 . 2011-05-03 07:21 -------- d-----w- c:\windows\system32\W7NBC

2011-05-03 05:49 . 2010-02-25 20:12 2870272 ----a-w- c:\windows\explorer.backup.exe

2011-05-03 05:39 . 2011-05-03 05:46 925184 ----a-w- c:\windows\expstart.exe

2011-05-03 05:39 . 2011-05-03 06:03 -------- d-----w- c:\windows\W7SOC

2011-05-03 05:29 . 2011-05-03 05:29 -------- d-----w- c:\users\Edward\AppData\Roaming\replacer

2011-05-03 05:16 . 2011-05-03 05:16 -------- d-----w- c:\users\Edward\AppData\Local\{9C882DE8-C686-4B2B-A1A8-96464B48D64E}

2011-05-03 00:27 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{85DACA78-BF58-4AF1-A57C-BEC33BDAC560}\mpengine.dll

2011-05-02 15:48 . 2011-05-02 15:48 -------- d-----w- c:\users\Edward\AppData\Local\{4A9C9FA3-325E-42E3-8C30-911972349F72}

2011-05-02 13:33 . 2011-05-02 13:32 521448 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-02 13:32 . 2011-05-02 13:32 -------- d-----w- c:\program files\Java

2011-05-02 13:32 . 2011-05-02 13:32 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-05-02 11:39 . 2011-05-02 13:30 -------- d-----w- c:\program files (x86)\RadeonPro

2011-05-02 09:07 . 2011-05-02 16:36 -------- d-----w- c:\program files (x86)\ESET

2011-05-02 09:01 . 2011-05-02 09:01 -------- d-----w- C:\_OTL

2011-05-02 07:16 . 2011-05-02 07:16 512 ----a-w- C:\PhysicalMBR.bin

2011-05-02 03:48 . 2011-05-02 03:48 -------- d-----w- c:\users\Edward\AppData\Local\{44F78535-FC07-4112-AC61-D3DF67C1620D}

2011-05-01 15:47 . 2011-05-01 15:47 -------- d-----w- c:\users\Edward\AppData\Local\{48B43689-8499-457C-853A-91549C64F6DC}

2011-05-01 14:35 . 2011-05-01 14:35 -------- d-----w- c:\users\Edward\AppData\Roaming\Malwarebytes

2011-05-01 14:35 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-01 14:35 . 2011-05-01 14:35 -------- d-----w- c:\programdata\Malwarebytes

2011-05-01 14:35 . 2011-05-01 14:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-05-01 14:35 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-01 03:46 . 2011-05-01 03:47 -------- d-----w- c:\users\Edward\AppData\Local\{B4079414-E88B-495D-BF56-C9615E3FF241}

2011-04-30 06:58 . 2011-04-30 06:58 -------- d-----w- c:\users\Edward\AppData\Local\Criterion Games

2011-04-29 11:37 . 2011-04-29 11:37 -------- d-----w- c:\programdata\Ubisoft

2011-04-29 11:36 . 2011-04-29 11:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-04-29 11:36 . 2011-04-29 11:36 -------- d-----w- c:\users\Edward\AppData\Roaming\PunkBuster

2011-04-29 01:43 . 2011-04-29 01:45 -------- d-----w- c:\program files (x86)\ZHPDiag

2011-04-28 10:04 . 2011-04-28 10:04 -------- d-----w- c:\program files (x86)\ma-config.com

2011-04-28 10:04 . 2011-04-28 10:04 -------- d-----w- c:\programdata\ma-config.com

2011-04-28 07:54 . 2011-04-28 07:54 -------- d-----w- c:\program files (x86)\Aero Tuner

2011-04-27 15:34 . 2011-04-27 15:34 -------- d-----w- c:\users\Edward\AppData\Roaming\mkvtoolnix

2011-04-27 15:34 . 2011-04-27 15:34 -------- d-----w- c:\program files (x86)\MKVtoolnix

2011-04-27 14:03 . 2011-04-27 14:03 -------- d-----w- c:\program files (x86)\VirtualDubMOD

2011-04-27 12:56 . 2011-04-27 12:56 -------- d-----w- c:\users\Edward\AppData\Roaming\FastStone

2011-04-27 12:56 . 2011-04-27 12:56 -------- d-----w- c:\program files (x86)\FastStone Capture

2011-04-27 12:28 . 2011-04-28 07:53 -------- d-----w- c:\program files\Rainmeter

2011-04-26 12:33 . 2011-04-26 12:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-04-26 12:33 . 2011-04-26 12:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-04-26 03:44 . 2010-11-23 15:25 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2011-04-26 03:44 . 2010-11-23 15:21 25920 ----a-w- c:\windows\system32\authuitu.dll

2011-04-26 03:44 . 2010-11-23 15:21 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2011-04-26 03:44 . 2010-11-23 15:21 36160 ----a-w- c:\windows\system32\uxtuneup.dll

2011-04-26 03:44 . 2010-11-23 15:21 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2011-04-26 03:43 . 2011-04-26 03:44 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011

2011-04-26 03:43 . 2011-04-26 03:43 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-04-26 03:27 . 2011-04-26 03:27 -------- d-----w- c:\programdata\Martau

2011-04-26 03:27 . 2011-04-26 03:27 -------- d-----w- c:\program files (x86)\Total Uninstall 5

2011-04-26 02:21 . 2011-04-26 02:21 -------- d-----w- c:\users\Edward\AppData\Local\{F1AC0983-DF4C-4301-BD1D-AA56D55C5568}

2011-04-25 13:50 . 2011-04-25 13:50 -------- d-----w- c:\users\Edward\AppData\Local\{4A1E87C6-434A-4FDB-9C69-60BE832D50CB}

2011-04-24 22:54 . 2011-04-24 22:54 -------- d-----w- c:\programdata\Electronic Arts

2011-04-24 22:54 . 2011-04-24 22:54 -------- d-----w- c:\programdata\EA Core

2011-04-24 22:43 . 2010-12-29 01:45 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-04-24 22:43 . 2010-12-29 01:45 412776 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-04-23 04:24 . 2011-04-26 03:21 -------- d-----w- c:\program files\BOINC

2011-04-23 04:24 . 2011-04-26 02:21 -------- d-----w- c:\programdata\BOINC

2011-04-23 04:24 . 2011-04-23 04:24 -------- d-----w- c:\windows\Downloaded Installations

2011-04-21 22:15 . 2011-04-21 22:27 -------- d-----w- c:\program files (x86)\Cheat Engine

2011-04-21 22:15 . 2007-12-26 15:30 679936 ----a-w- c:\windows\SysWow64\D3DX81ab.dll

2011-04-21 22:15 . 2007-12-26 15:30 1970176 ----a-w- c:\windows\SysWow64\d3dx9.dll

2011-04-21 19:39 . 2011-05-01 06:13 -------- d-----w- c:\users\Edward\AppData\Local\CAPCOM

2011-04-21 17:37 . 2011-04-21 17:37 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2011-04-21 08:44 . 2011-04-21 08:44 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2011-04-18 11:28 . 2011-04-18 11:29 -------- d-----w- c:\users\Edward\AppData\Local\Rockstar Games

2011-04-16 12:15 . 2011-04-16 12:15 -------- d-----w- c:\users\Edward\AppData\Local\{0790F134-1B6D-4244-8BA8-0E548E90EDCA}

2011-04-16 00:15 . 2011-04-16 00:15 -------- d-----w- c:\users\Edward\AppData\Local\{8EE75337-B10C-4D5B-8DA4-F61DDCC2F076}

2011-04-15 12:14 . 2011-04-15 12:15 -------- d-----w- c:\users\Edward\AppData\Local\{1F5F1E81-5B06-4763-911B-A2CC1E6EAF2C}

2011-04-15 00:14 . 2011-04-15 00:14 -------- d-----w- c:\users\Edward\AppData\Local\{E533CB43-CA93-487C-81A9-9376A935411E}

2011-04-14 15:48 . 2011-04-14 15:48 -------- d-----w- c:\program files\Transmission Remote

2011-04-14 12:13 . 2011-04-14 12:14 -------- d-----w- c:\users\Edward\AppData\Local\{CF197E79-8B4A-45FE-B979-552198BF8E52}

2011-04-14 00:13 . 2011-04-14 00:13 -------- d-----w- c:\users\Edward\AppData\Local\{2B02EDD7-4744-41BE-9B73-723C53F999F2}

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-04-13 20:46 . 2011-04-13 20:51 -------- d-----w- c:\program files (x86)\Aura

2011-04-13 14:18 . 2011-04-29 03:16 -------- d-----w- c:\users\Edward\AppData\Roaming\vlc

2011-04-13 07:44 . 2011-04-13 07:44 -------- d-----w- c:\users\Edward\AppData\Local\{48C1F504-3CD8-4A17-8AC4-1DF7B2FC3C76}

2011-04-13 04:12 . 2011-03-08 06:14 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-12 19:43 . 2011-04-12 19:43 -------- d-----w- c:\users\Edward\AppData\Local\{42961CEB-E159-4114-8247-E77E6F2C9D60}

2011-04-12 07:43 . 2011-04-12 07:43 -------- d-----w- c:\users\Edward\AppData\Local\{A1BCA28A-8955-4A95-8CE9-506DF5B9C79A}

2011-04-11 19:42 . 2011-04-11 19:43 -------- d-----w- c:\users\Edward\AppData\Local\{5EFBB873-73EF-4D9E-A911-79651780C8BF}

2011-04-11 18:44 . 2011-04-21 22:13 -------- d-----w- c:\users\Edward\AppData\Roaming\.minecraft

2011-04-11 11:06 . 2011-04-15 18:20 -------- d-----w- c:\users\Edward\AppData\Roaming\RIFT

2011-04-11 07:42 . 2011-04-11 07:42 -------- d-----w- c:\users\Edward\AppData\Local\{D2690FE8-C4CA-4F45-910E-D3FEBCC5D3E2}

2011-04-10 19:41 . 2011-04-10 19:42 -------- d-----w- c:\users\Edward\AppData\Local\{506E6767-4A76-4BAB-BF5F-D1F6FA702504}

2011-04-10 07:41 . 2011-04-10 07:41 -------- d-----w- c:\users\Edward\AppData\Local\{BD0A9067-0151-4766-84AD-CB3B43EAEB6C}

2011-04-09 19:40 . 2011-04-09 19:41 -------- d-----w- c:\users\Edward\AppData\Local\{05E55B70-E11A-486E-9E4F-618A50489BE5}

2011-04-09 07:40 . 2011-04-09 07:40 -------- d-----w- c:\users\Edward\AppData\Local\{A53CBD7F-E1B2-4CE6-B3CD-06C3BD337672}

2011-04-08 19:40 . 2011-04-08 19:40 -------- d-----w- c:\users\Edward\AppData\Local\{0A8E679F-4212-4119-A6A6-225FBC872BFC}

2011-04-08 07:39 . 2011-04-08 07:39 -------- d-----w- c:\users\Edward\AppData\Local\{F2B98D48-6A50-4222-A436-BF3DB9FD5D37}

2011-04-07 19:39 . 2011-04-07 19:39 -------- d-----w- c:\users\Edward\AppData\Local\{03A39ACE-1C7B-44C3-99DD-448BCD24B815}

2011-04-07 07:38 . 2011-04-07 07:38 -------- d-----w- c:\users\Edward\AppData\Local\{337F9800-9614-48CB-BE1D-C1AAE1E823BA}

2011-04-07 00:19 . 2011-04-07 00:27 -------- d-----w- c:\users\Edward\AppData\Roaming\Audacity

2011-04-07 00:19 . 2011-04-07 00:19 -------- d-----w- c:\program files (x86)\Audacity 1.3 Beta

2011-04-06 19:38 . 2011-04-06 19:38 -------- d-----w- c:\users\Edward\AppData\Local\{6E2BFB79-109B-4414-8FE4-DDF45DEEC754}

2011-04-06 07:39 . 2011-04-06 07:39 -------- d-----w- c:\users\Edward\AppData\Local\{21511F99-4D3C-4B5A-8051-0C02B092FEF5}

2011-04-05 19:39 . 2011-04-05 19:39 -------- d-----w- c:\users\Edward\AppData\Local\{ADAC6C94-632D-4F73-9C86-AEB6B8BF5655}

2011-04-05 07:38 . 2011-04-05 07:38 -------- d-----w- c:\users\Edward\AppData\Local\{B0D6435D-212E-4BFA-A6DA-8427DAA7E56F}

2011-04-04 19:38 . 2011-04-04 19:38 -------- d-----w- c:\users\Edward\AppData\Local\{476E36A3-BFE1-4111-9431-B4B19744146F}

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 13:32 . 2010-05-12 20:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-04-25 11:19 . 2010-05-23 17:37 25640 ----a-w- c:\windows\gdrv.sys

2011-04-12 15:53 . 2010-11-14 08:25 1866240 ----a-w- c:\windows\system32\ExplorerFrame.del.dll

2011-04-12 15:53 . 2010-11-14 08:25 1865728 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-03-29 18:00 . 2010-11-07 11:15 92672 ----a-w- c:\windows\system32\ff_vfw.dll

2011-03-09 03:45 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-02 10:43 . 2010-11-07 11:15 203264 ----a-w- c:\windows\system32\unrar.dll

2011-02-17 09:59 . 2011-02-17 09:59 428416 ----a-w- c:\windows\SysWow64\RzMwApi.dll

2011-02-17 02:36 . 2010-11-14 08:25 1863680 ----a-w- c:\windows\system32\explorerframe.dll.11111111

2011-02-17 02:36 . 2010-11-14 08:25 1863168 ----a-w- c:\windows\system32\explorerframe.dll.BAK

.

.

((((((((((((((((((((((((((((( SnapShot@2011-05-01_17.25.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-12 19:48 . 2011-05-03 07:47 48760 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-05-03 07:47 34732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-05-12 19:39 . 2011-05-03 07:47 10050 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-298173471-2318884327-37262993-1001_UserData.bin

- 2010-05-12 19:32 . 2011-04-19 04:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-12 19:32 . 2011-05-03 04:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-12 19:32 . 2011-04-19 04:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-05-02 09:07 . 2011-05-03 04:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-04-19 04:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-05-03 04:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-03 07:46 . 2011-05-03 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-01 17:05 . 2011-05-01 17:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-05-01 17:05 . 2011-05-01 17:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-05-03 07:46 . 2011-05-03 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-05-03 05:46 . 2011-05-03 06:03 925184 c:\windows\W7SOC\expstart.exe

+ 2011-05-03 05:39 . 2011-05-03 06:03 377344 c:\windows\W7SOC\bru.exe

+ 2011-05-02 13:32 . 2011-05-02 13:32 157472 c:\windows\SysWOW64\javaws.exe

- 2011-01-10 10:00 . 2011-02-02 19:40 157472 c:\windows\SysWOW64\javaws.exe

+ 2011-05-02 13:32 . 2011-05-02 13:32 145184 c:\windows\SysWOW64\javaw.exe

- 2011-01-10 10:00 . 2011-02-02 19:40 145184 c:\windows\SysWOW64\javaw.exe

- 2011-01-10 10:00 . 2011-02-02 19:40 145184 c:\windows\SysWOW64\java.exe

+ 2011-05-02 13:32 . 2011-05-02 13:32 145184 c:\windows\SysWOW64\java.exe

+ 2011-05-03 07:18 . 2011-05-03 07:18 377344 c:\windows\system32\W7NBC\exe.exe

- 2009-07-14 15:24 . 2011-05-01 17:10 743526 c:\windows\system32\perfh00C.dat

+ 2009-07-14 15:24 . 2011-05-03 07:50 743526 c:\windows\system32\perfh00C.dat

+ 2009-07-14 02:36 . 2011-05-03 07:50 650638 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-05-01 17:10 650638 c:\windows\system32\perfh009.dat

+ 2009-07-14 15:24 . 2011-05-03 07:50 147862 c:\windows\system32\perfc00C.dat

- 2009-07-14 15:24 . 2011-05-01 17:10 147862 c:\windows\system32\perfc00C.dat

+ 2009-07-14 02:36 . 2011-05-03 07:50 120294 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-05-01 17:10 120294 c:\windows\system32\perfc009.dat

+ 2011-05-02 13:33 . 2011-05-02 13:32 189728 c:\windows\system32\javaws.exe

+ 2011-05-02 13:33 . 2011-05-02 13:32 171808 c:\windows\system32\javaw.exe

+ 2011-05-02 13:33 . 2011-05-02 13:32 171808 c:\windows\system32\java.exe

+ 2009-07-14 05:38 . 2011-05-02 16:36 262144 c:\windows\system32\config\systemprofile\ntuser.dat

- 2009-07-14 05:38 . 2010-05-23 11:55 262144 c:\windows\system32\config\systemprofile\ntuser.dat

- 2009-07-14 05:12 . 2010-09-09 09:48 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2011-05-03 04:07 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2011-05-03 07:44 394396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-03 05:18 . 2009-04-22 08:00 350720 c:\windows\Resources\Themes\Win7-Katharos Top\Shell\NormalColor\shellstyle.dll

+ 2011-05-03 07:09 . 2009-10-31 08:37 349184 c:\windows\Resources\Themes\leaf_by_dpcdpc11_top_s_f_R\Shell\NormalColor\shellstyle.dll

+ 2011-05-03 07:09 . 2009-10-31 08:37 349184 c:\windows\Resources\Themes\leaf_by_dpcdpc11_top_R\Shell\NormalColor\shellstyle.dll

+ 2011-05-03 05:33 . 2009-07-14 06:03 350720 c:\windows\Resources\Themes\emerald\Shell\NormalColor\shellstyle.dll

+ 2011-05-02 13:32 . 2011-05-02 13:32 682496 c:\windows\Installer\f3a6cc.msi

+ 2011-05-02 13:32 . 2011-05-02 13:32 183808 c:\windows\Installer\f3a6c7.msi

+ 2011-05-02 13:31 . 2011-05-02 13:31 681984 c:\windows\Installer\f3a6bf.msi

+ 2011-05-03 06:03 . 2010-02-25 20:12 2870272 c:\windows\W7SOC\explorer.exe

+ 2011-05-03 07:21 . 2011-04-12 15:53 1865728 c:\windows\system32\W7NBC\ExplorerFrame.dll

+ 2009-07-14 04:45 . 2011-05-03 07:46 4893992 c:\windows\system32\FNTCACHE.DAT

+ 2010-05-16 21:21 . 2011-05-03 07:44 3737712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-03-16 12:14 . 2010-02-25 20:12 2870272 c:\windows\explorer.bakbakbak.exe

+ 2011-03-16 12:14 . 2010-02-25 20:12 2870272 c:\windows\explorer.BAK.exe

+ 2009-07-13 23:42 . 2009-07-14 01:06 20268032 c:\windows\SysWOW64\imageres.dll

+ 2009-07-14 02:34 . 2011-05-03 08:50 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:34 . 2011-05-01 15:36 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-13 23:57 . 2009-07-14 01:28 20268032 c:\windows\system32\imageres.dll

+ 2010-09-09 08:40 . 2011-05-03 07:44 19046596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-298173471-2318884327-37262993-1001-8192.dat

+ 2010-09-17 10:57 . 2011-05-02 16:14 13290860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-298173471-2318884327-37262993-1001-12288.dat

- 2010-09-17 10:57 . 2011-05-01 17:04 13290860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-298173471-2318884327-37262993-1001-12288.dat

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-03-14 13816960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

.

c:\users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

FastStone Capture.lnk - c:\program files (x86)\FastStone Capture\FSCapture.exe [2007-2-23 1115136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe"

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe

"K3805"="c:\program files (x86)\Alchemy Elixir\control.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AppleSyncNotifier"=c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

"Razer Naga Driver"=c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]

R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2009-02-22 14904]

R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2010-04-23 52352]

R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-06-03 25640]

R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-06-03 30528]

R3 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2011-04-12 311744]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-02-01 14648]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]

R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-04-23 136616]

R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-23 1974080]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 P0620VID;Creative WebCam Instant;c:\windows\system32\DRIVERS\P0620Vid.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]

S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2839840]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://mail.google....l/?shva=1#inbox

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - f:\progra~1\Office14\EXCEL.EXE/3000

IE: Liens de téléchargement avec Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm

LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll

.

- - - - ORPHELINS SUPPRIMES - - - -

.

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Edward\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]

"ImagePath"="c:\program files (x86)\Winstep\WsxService"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-298173471-2318884327-37262993-1001\Software\SecuROM\License information*]

"datasecu"=hex:c6,fb,8b,0a,27,5c,e0,bf,19,04,85,06,5e,a1,ae,75,65,c1,bc,6e,a9,

1c,67,ad,40,9d,9f,02,e6,13,3c,e4,44,f8,ee,cd,ed,4a,84,c9,3c,6a,bd,2e,6f,20,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2011-05-03 12:11:43

ComboFix-quarantined-files.txt 2011-05-03 10:11

ComboFix2.txt 2011-05-01 17:30

.

Avant-CF: 16 616 034 304 octets libres

Après-CF: 16 839 884 800 octets libres

.

- - End Of File - - 76F34865289E96C0DD802D7DAD9A62F8

Edited by Edwardounet
Posted

Hello,

OK, we'll leave ComboFix alone and do one last check with OTL.

>>> Relaunch OTL and, without changing or adding anything, click the blue Analyse button and let it run.

Post the contents of the generated report.

Posted

OTL logfile created on: 04/05/2011 10:49:35 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Edward\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 48,83 Gb Total Space | 16,70 Gb Free Space | 34,20% Space Free | Partition Type: NTFS

Drive D: | 208,53 Gb Total Space | 45,86 Gb Free Space | 21,99% Space Free | Partition Type: NTFS

Drive F: | 931,51 Gb Total Space | 769,50 Gb Free Space | 82,61% Space Free | Partition Type: NTFS

Drive J: | 1863,01 Gb Total Space | 1051,47 Gb Free Space | 56,44% Space Free | Partition Type: NTFS

 

Computer Name: EDWARD-PC | User Name: Edward | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/02 09:13:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Edward\Desktop\OTL.exe

PRC - [2011/04/29 13:36:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/03/27 22:11:04 | 007,642,112 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe

PRC - [2011/03/14 21:08:26 | 013,816,960 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe

PRC - [2011/02/11 18:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe

PRC - [2011/02/11 08:27:59 | 000,213,745 | ---- | M] () -- C:\Portable Program Files\Gridy\Gridy.exe

PRC - [2010/04/07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

PRC - [2009/08/06 07:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe

PRC - [2007/02/23 23:49:58 | 001,115,136 | ---- | M] () -- C:\Program Files (x86)\FastStone Capture\FSCapture.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/02 09:13:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Edward\Desktop\OTL.exe

MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/01/27 00:55:36 | 000,203,776 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/01/26 19:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2010/11/23 17:21:12 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2010/04/07 21:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV:64bit: - [2010/04/07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/04/29 13:36:45 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/04/12 10:11:26 | 000,311,744 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2011/02/11 18:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)

SRV - [2010/11/23 17:24:50 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2010/11/23 17:21:02 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2010/04/23 05:39:00 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/22 21:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2010/01/22 21:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/01/22 21:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/01/22 21:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)

SRV - [2009/08/06 07:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)

SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/01/27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/01/27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)

DRV:64bit: - [2010/12/29 03:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/12/16 10:23:14 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)

DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/23 16:38:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2010/11/23 16:38:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV:64bit: - [2010/10/18 07:24:46 | 000,038,424 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)

DRV:64bit: - [2010/05/17 08:35:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/05/09 23:29:02 | 000,145,936 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/04/07 21:08:30 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

DRV:64bit: - [2010/04/07 21:08:28 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)

DRV:64bit: - [2010/04/07 21:08:26 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

DRV:64bit: - [2010/04/07 21:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2010/04/07 21:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2010/03/09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/01/22 21:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2010/01/22 21:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2010/01/22 21:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2010/01/22 21:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2010/01/22 21:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2010/01/22 17:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2009/12/18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/11/06 07:42:06 | 000,293,416 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)

DRV:64bit: - [2009/10/07 13:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/08/09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/17 20:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/04/28 03:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/04/28 03:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2005/08/15 10:02:18 | 000,126,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P0620Vid.sys -- (P0620VID)

DRV - [2011/04/25 13:19:02 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2010/10/07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2010/08/30 12:19:54 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)

DRV - [2010/06/04 00:51:00 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)

DRV - [2010/06/04 00:50:44 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)

DRV - [2010/04/23 05:38:48 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)

DRV - [2010/02/01 04:27:24 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)

DRV - [2009/02/23 00:21:54 | 000,014,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)

DRV - [2008/02/15 16:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 D3 B3 E6 D7 B6 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

 

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/05/12 22:18:47 | 000,000,000 | ---D | M]

 

[2010/05/19 20:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\mozilla\Extensions

[2011/03/16 00:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edward\AppData\Roaming\mozilla\Firefox\Profiles\v12zbrtz.default\extensions

File not found (No name found) --

[2011/01/10 12:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/28 11:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V12ZBRTZ.DEFAULT\EXTENSIONS\{40A1F5D7-AFC2-498F-B264-02668D616FF6}.XPI

() (No name found) -- C:\USERS\EDWARD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V12ZBRTZ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

 

O1 HOSTS File: ([2011/05/02 11:01:41 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)

O4 - Startup: C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()

O4 - Startup: C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gridy.lnk = C:\Portable Program Files\Gridy\Gridy.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (Reg Error: Key error.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O27:64bit: - HKLM IFEO\acrord32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\switchboard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\acrord32.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)

O27 - HKLM IFEO\steam.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)

O27 - HKLM IFEO\switchboard.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe" (TuneUp Software)

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 07:17:13 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{0D6F0B07-497C-4287-AC9D-6F0926ABAD2C}

[2011/05/03 19:16:50 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{F4046E5C-A022-4D84-A004-002D0126E22C}

[2011/05/03 15:57:06 | 000,000,000 | ---D | C] -- C:\Portable Program Files

[2011/05/03 15:57:06 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gridy

[2011/05/03 12:11:45 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/05/03 10:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winstep

[2011/05/03 10:05:56 | 001,347,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvbvm50.dll

[2011/05/03 10:05:56 | 000,798,208 | ---- | C] (Winstep Software Technologies) -- C:\Windows\SysWow64\NextControls.ocx

[2011/05/03 10:05:56 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comctl32.ocx

[2011/05/03 10:05:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Winstep

[2011/05/03 10:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winstep

[2011/05/03 09:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\W7NBC

[2011/05/03 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\Edward\Desktop\26326-ToYcon

[2011/05/03 07:49:11 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.backup.exe

[2011/05/03 07:39:11 | 000,000,000 | ---D | C] -- C:\Windows\W7SOC

[2011/05/03 07:29:15 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\replacer

[2011/05/03 07:16:16 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{9C882DE8-C686-4B2B-A1A8-96464B48D64E}

[2011/05/02 18:08:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/05/02 17:48:44 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{4A9C9FA3-325E-42E3-8C30-911972349F72}

[2011/05/02 15:33:02 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2011/05/02 15:33:02 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2011/05/02 15:33:02 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2011/05/02 15:33:02 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2011/05/02 15:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011/05/02 15:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/05/02 15:32:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/05/02 15:32:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/05/02 15:32:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/05/02 13:42:01 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\RadeonPro Benchmarks

[2011/05/02 11:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/05/02 11:01:22 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/05/02 09:13:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Edward\Desktop\OTL.exe

[2011/05/02 07:49:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/05/02 05:48:09 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{44F78535-FC07-4112-AC61-D3DF67C1620D}

[2011/05/01 19:11:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/05/01 19:11:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/05/01 19:11:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/05/01 19:11:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/01 19:11:18 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/01 17:47:33 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{48B43689-8499-457C-853A-91549C64F6DC}

[2011/05/01 16:35:18 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Malwarebytes

[2011/05/01 16:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/05/01 16:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/01 16:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/01 16:35:09 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/05/01 16:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/05/01 05:46:57 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{B4079414-E88B-495D-BF56-C9615E3FF241}

[2011/04/30 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Criterion Games

[2011/04/29 14:12:00 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\My Cheat Tables

[2011/04/29 13:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft

[2011/04/29 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\PunkBuster

[2011/04/29 03:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2011/04/28 12:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com

[2011/04/28 12:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ma-config.com

[2011/04/28 12:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ma-config.com

[2011/04/28 09:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aero Tuner

[2011/04/27 17:34:44 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\mkvtoolnix

[2011/04/27 17:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVtoolnix

[2011/04/27 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVtoolnix

[2011/04/27 16:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtualDubMOD

[2011/04/27 16:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDubMOD

[2011/04/27 14:56:44 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\FastStone

[2011/04/27 14:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture

[2011/04/27 14:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Capture

[2011/04/27 14:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter

[2011/04/27 03:38:20 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\Front Mission Evolved

[2011/04/26 14:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/04/26 14:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/04/26 14:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2011/04/26 05:44:03 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2011/04/26 05:44:02 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2011/04/26 05:44:02 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[2011/04/26 05:44:02 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2011/04/26 05:44:02 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2011/04/26 05:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011

[2011/04/26 05:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011

[2011/04/26 05:43:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2011/04/26 05:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau

[2011/04/26 05:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Uninstall 5

[2011/04/26 04:21:27 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{F1AC0983-DF4C-4301-BD1D-AA56D55C5568}

[2011/04/25 15:50:06 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{4A1E87C6-434A-4FDB-9C69-60BE832D50CB}

[2011/04/25 00:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2011/04/25 00:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011/04/25 00:53:55 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\Criterion Games

[2011/04/25 00:43:22 | 000,412,776 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2011/04/23 06:24:34 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2011/04/22 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\Prototype

[2011/04/22 00:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.5

[2011/04/22 00:15:21 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll

[2011/04/22 00:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine

[2011/04/21 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\CAPCOM

[2011/04/21 21:39:36 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\CAPCOM

[2011/04/21 20:46:22 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\SHIFT 2 UNLEASHED

[2011/04/21 19:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2011/04/21 10:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2011/04/21 08:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk

[2011/04/21 08:49:27 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk

[2011/04/19 12:16:36 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\Games for Windows - LIVE Demos

[2011/04/18 13:32:44 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\Rockstar Games

[2011/04/18 13:28:56 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\Rockstar Games

[2011/04/17 19:47:49 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\GTA3 User Files

[2011/04/17 19:27:49 | 000,000,000 | ---D | C] -- C:\Users\Edward\Documents\GTA Vice City User Files

[2011/04/16 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{0790F134-1B6D-4244-8BA8-0E548E90EDCA}

[2011/04/16 02:15:12 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{8EE75337-B10C-4D5B-8DA4-F61DDCC2F076}

[2011/04/15 14:14:51 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{1F5F1E81-5B06-4763-911B-A2CC1E6EAF2C}

[2011/04/15 08:38:06 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Google

[2011/04/15 02:14:30 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{E533CB43-CA93-487C-81A9-9376A935411E}

[2011/04/14 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake

[2011/04/14 17:48:41 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Transmission Remote

[2011/04/14 17:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Remote

[2011/04/14 17:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\Transmission Remote

[2011/04/14 14:13:49 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{CF197E79-8B4A-45FE-B979-552198BF8E52}

[2011/04/14 02:13:21 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{2B02EDD7-4744-41BE-9B73-723C53F999F2}

[2011/04/14 00:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr

[2011/04/13 22:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aura

[2011/04/13 16:18:01 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\vlc

[2011/04/13 16:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011/04/13 13:35:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2011/04/13 13:35:28 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll

[2011/04/13 13:35:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011/04/13 13:35:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/04/13 13:35:28 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2011/04/13 13:35:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2011/04/13 13:35:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/04/13 13:35:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll

[2011/04/13 13:35:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/04/13 13:35:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2011/04/13 13:35:28 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll

[2011/04/13 13:35:28 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2011/04/13 13:35:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2011/04/13 13:35:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/04/13 13:35:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2011/04/13 13:35:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2011/04/13 13:35:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll

[2011/04/13 13:35:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2011/04/13 13:35:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2011/04/13 13:35:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011/04/13 13:35:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2011/04/13 13:35:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011/04/13 13:35:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/04/13 13:35:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2011/04/13 13:35:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2011/04/13 13:35:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2011/04/13 13:35:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011/04/13 13:35:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2011/04/13 13:35:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2011/04/13 13:35:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2011/04/13 13:35:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011/04/13 13:35:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011/04/13 13:35:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/04/13 13:35:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2011/04/13 13:35:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2011/04/13 13:35:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2011/04/13 13:35:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2011/04/13 13:35:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll

[2011/04/13 13:35:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011/04/13 13:35:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/04/13 13:35:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/04/13 13:35:27 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2011/04/13 13:35:27 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/04/13 13:35:27 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011/04/13 13:35:27 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/04/13 13:35:27 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/04/13 13:35:27 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/04/13 13:35:27 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2011/04/13 13:35:27 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2011/04/13 13:35:27 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011/04/13 13:35:27 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2011/04/13 13:35:27 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2011/04/13 13:35:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/04/13 13:35:27 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/04/13 13:35:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2011/04/13 13:35:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2011/04/13 13:35:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2011/04/13 13:35:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2011/04/13 13:35:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2011/04/13 13:35:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2011/04/13 13:35:27 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011/04/13 13:35:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2011/04/13 13:35:27 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2011/04/13 13:35:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2011/04/13 13:35:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2011/04/13 13:35:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/04/13 13:35:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2011/04/13 13:35:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2011/04/13 13:35:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2011/04/13 13:35:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2011/04/13 13:35:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2011/04/13 13:35:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2011/04/13 13:35:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2011/04/13 13:35:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2011/04/13 13:35:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2011/04/13 13:35:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011/04/13 13:35:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2011/04/13 13:35:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011/04/13 09:44:05 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{48C1F504-3CD8-4A17-8AC4-1DF7B2FC3C76}

[2011/04/13 06:13:12 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2011/04/13 06:13:12 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2011/04/13 06:13:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2011/04/13 06:13:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2011/04/13 06:13:02 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2011/04/13 06:13:02 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2011/04/13 06:13:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2011/04/13 06:13:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2011/04/13 06:13:00 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2011/04/13 06:13:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2011/04/13 06:13:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2011/04/13 06:12:56 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2011/04/13 06:12:56 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2011/04/13 06:12:56 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2011/04/13 06:12:56 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2011/04/13 06:12:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2011/04/13 06:12:56 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2011/04/13 06:12:56 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2011/04/13 06:12:56 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2011/04/12 21:43:33 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{42961CEB-E159-4114-8247-E77E6F2C9D60}

[2011/04/12 09:43:11 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{A1BCA28A-8955-4A95-8CE9-506DF5B9C79A}

[2011/04/11 21:42:49 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{5EFBB873-73EF-4D9E-A911-79651780C8BF}

[2011/04/11 20:44:07 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\.minecraft

[2011/04/11 13:06:46 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\RIFT

[2011/04/11 13:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT

[2011/04/11 09:42:25 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{D2690FE8-C4CA-4F45-910E-D3FEBCC5D3E2}

[2011/04/10 21:41:53 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{506E6767-4A76-4BAB-BF5F-D1F6FA702504}

[2011/04/10 09:41:18 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{BD0A9067-0151-4766-84AD-CB3B43EAEB6C}

[2011/04/09 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{05E55B70-E11A-486E-9E4F-618A50489BE5}

[2011/04/09 09:40:34 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{A53CBD7F-E1B2-4CE6-B3CD-06C3BD337672}

[2011/04/08 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{0A8E679F-4212-4119-A6A6-225FBC872BFC}

[2011/04/08 09:39:26 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{F2B98D48-6A50-4222-A436-BF3DB9FD5D37}

[2011/04/07 21:39:05 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{03A39ACE-1C7B-44C3-99DD-448BCD24B815}

[2011/04/07 09:38:43 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{337F9800-9614-48CB-BE1D-C1AAE1E823BA}

[2011/04/07 02:19:18 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Roaming\Audacity

[2011/04/07 02:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta

[2011/04/06 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{6E2BFB79-109B-4414-8FE4-DDF45DEEC754}

[2011/04/06 09:39:27 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{21511F99-4D3C-4B5A-8051-0C02B092FEF5}

[2011/04/05 21:39:05 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{ADAC6C94-632D-4F73-9C86-AEB6B8BF5655}

[2011/04/05 09:38:44 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{B0D6435D-212E-4BFA-A6DA-8427DAA7E56F}

[2011/04/04 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\Edward\AppData\Local\{476E36A3-BFE1-4111-9431-B4B19744146F}

========== Files - Modified Within 30 Days ==========

[2011/05/04 08:44:31 | 000,002,534 | ---- | M] () -- C:\Users\Edward\Desktop\ruTorrent v3.lnk

[2011/05/03 16:22:48 | 001,657,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/05/03 16:22:48 | 000,743,526 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2011/05/03 16:22:48 | 000,650,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/05/03 16:22:48 | 000,147,862 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2011/05/03 16:22:48 | 000,120,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/05/03 16:18:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/03 16:17:25 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/03 16:17:25 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/03 15:57:06 | 000,000,834 | ---- | M] () -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gridy.lnk

[2011/05/03 15:23:07 | 000,001,456 | ---- | M] () -- C:\Users\Edward\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs

[2011/05/03 14:19:51 | 000,002,631 | ---- | M] () -- C:\Users\Edward\Desktop\Gmail.lnk

[2011/05/03 12:35:31 | 004,894,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/05/03 10:05:59 | 000,001,049 | ---- | M] () -- C:\Users\Edward\Documents\Winstep.lnk

[2011/05/03 10:05:59 | 000,000,982 | ---- | M] () -- C:\Users\Edward\Desktop\Nexus.lnk

[2011/05/03 08:51:57 | 000,254,618 | ---- | M] () -- C:\Users\Edward\Desktop\26326-ToYcon.zip

[2011/05/03 07:46:30 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe

[2011/05/02 15:32:58 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll

[2011/05/02 15:32:58 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe

[2011/05/02 15:32:58 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe

[2011/05/02 15:32:58 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe

[2011/05/02 15:32:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2011/05/02 15:32:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/05/02 15:32:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/05/02 15:32:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/05/02 11:01:41 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011/05/02 09:16:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/05/02 09:13:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Edward\Desktop\OTL.exe

[2011/05/01 19:10:16 | 004,334,469 | R--- | M] () -- C:\Users\Edward\Desktop\ComboFix.exe

[2011/05/01 19:03:51 | 000,050,477 | ---- | M] () -- C:\Users\Edward\Desktop\Defogger.exe

[2011/05/01 16:35:34 | 000,879,028 | ---- | M] () -- C:\Users\Edward\Desktop\SecurityCheck.exe

[2011/05/01 16:35:13 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/29 13:36:45 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/04/29 03:45:12 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/04/27 14:58:20 | 000,001,168 | ---- | M] () -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk

[2011/04/26 21:07:07 | 000,020,602 | ---- | M] () -- C:\Users\Edward\Documents\FF7.aimppl

[2011/04/26 14:38:09 | 000,001,278 | ---- | M] () -- C:\Users\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/04/26 09:57:34 | 000,173,052 | ---- | M] () -- C:\Users\Edward\Documents\cc_20110426_095725.reg

[2011/04/26 07:36:05 | 000,021,598 | ---- | M] () -- C:\Windows\SysNative\oemlogo.bmp

[2011/04/25 13:19:02 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys

[2011/04/21 09:54:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2011/04/16 07:29:26 | 001,634,222 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/14 00:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr

[2011/04/13 13:49:34 | 000,001,449 | ---- | M] () -- C:\Users\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/04/13 13:35:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2011/04/13 13:35:28 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll

[2011/04/13 13:35:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011/04/13 13:35:28 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/04/13 13:35:28 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2011/04/13 13:35:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2011/04/13 13:35:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011/04/13 13:35:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll

[2011/04/13 13:35:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/04/13 13:35:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2011/04/13 13:35:28 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll

[2011/04/13 13:35:28 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2011/04/13 13:35:28 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2011/04/13 13:35:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/04/13 13:35:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2011/04/13 13:35:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2011/04/13 13:35:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll

[2011/04/13 13:35:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2011/04/13 13:35:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2011/04/13 13:35:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011/04/13 13:35:28 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2011/04/13 13:35:28 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011/04/13 13:35:28 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011/04/13 13:35:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2011/04/13 13:35:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2011/04/13 13:35:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2011/04/13 13:35:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011/04/13 13:35:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2011/04/13 13:35:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2011/04/13 13:35:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2011/04/13 13:35:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011/04/13 13:35:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011/04/13 13:35:28 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/04/13 13:35:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2011/04/13 13:35:28 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2011/04/13 13:35:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2011/04/13 13:35:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2011/04/13 13:35:28 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll

[2011/04/13 13:35:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011/04/13 13:35:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011/04/13 13:35:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011/04/13 13:35:27 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2011/04/13 13:35:27 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/04/13 13:35:27 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011/04/13 13:35:27 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/04/13 13:35:27 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/04/13 13:35:27 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/04/13 13:35:27 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2011/04/13 13:35:27 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2011/04/13 13:35:27 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011/04/13 13:35:27 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2011/04/13 13:35:27 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2011/04/13 13:35:27 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/04/13 13:35:27 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/04/13 13:35:27 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2011/04/13 13:35:27 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2011/04/13 13:35:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2011/04/13 13:35:27 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2011/04/13 13:35:27 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2011/04/13 13:35:27 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2011/04/13 13:35:27 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011/04/13 13:35:27 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2011/04/13 13:35:27 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2011/04/13 13:35:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2011/04/13 13:35:27 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2011/04/13 13:35:27 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/04/13 13:35:27 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2011/04/13 13:35:27 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2011/04/13 13:35:27 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2011/04/13 13:35:27 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2011/04/13 13:35:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2011/04/13 13:35:27 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2011/04/13 13:35:27 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2011/04/13 13:35:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2011/04/13 13:35:27 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2011/04/13 13:35:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011/04/13 13:35:27 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2011/04/13 13:35:27 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011/04/12 17:53:04 | 001,866,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.del.dll

[2011/04/12 17:53:04 | 001,865,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll

 

========== Files Created - No Company Name ==========

 

[2011/05/03 15:57:06 | 000,000,834 | ---- | C] () -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gridy.lnk

[2011/05/03 13:45:45 | 000,002,534 | ---- | C] () -- C:\Users\Edward\Desktop\ruTorrent v3.lnk

[2011/05/03 13:44:54 | 000,002,631 | ---- | C] () -- C:\Users\Edward\Desktop\Gmail.lnk

[2011/05/03 10:05:59 | 000,001,049 | ---- | C] () -- C:\Users\Edward\Documents\Winstep.lnk

[2011/05/03 10:05:59 | 000,000,982 | ---- | C] () -- C:\Users\Edward\Desktop\Nexus.lnk

[2011/05/03 08:51:56 | 000,254,618 | ---- | C] () -- C:\Users\Edward\Desktop\26326-ToYcon.zip

[2011/05/03 07:39:29 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe

[2011/05/02 09:16:24 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/05/01 19:11:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/01 19:11:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/01 19:11:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/01 19:11:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/01 19:11:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/05/01 19:08:12 | 004,334,469 | R--- | C] () -- C:\Users\Edward\Desktop\ComboFix.exe

[2011/05/01 19:03:52 | 000,050,477 | ---- | C] () -- C:\Users\Edward\Desktop\Defogger.exe

[2011/05/01 16:35:34 | 000,879,028 | ---- | C] () -- C:\Users\Edward\Desktop\SecurityCheck.exe

[2011/05/01 16:35:13 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/04/30 16:25:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011/04/29 13:36:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/04/27 14:58:20 | 000,001,168 | ---- | C] () -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk

[2011/04/26 21:07:07 | 000,020,602 | ---- | C] () -- C:\Users\Edward\Documents\FF7.aimppl

[2011/04/26 14:38:09 | 000,001,278 | ---- | C] () -- C:\Users\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/04/26 09:57:28 | 000,173,052 | ---- | C] () -- C:\Users\Edward\Documents\cc_20110426_095725.reg

[2011/04/26 07:36:05 | 000,021,598 | ---- | C] () -- C:\Windows\SysNative\oemlogo.bmp

[2011/04/26 05:44:01 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk

[2011/04/26 05:27:31 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 5.lnk

[2011/04/25 00:43:22 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2011/04/22 00:15:21 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2011/04/21 09:54:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2011/04/07 02:19:15 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta.lnk

[2011/03/16 15:53:15 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL

[2010/12/21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/10/27 16:07:54 | 000,000,132 | ---- | C] () -- C:\Users\Edward\AppData\Roaming\Adobe Targa Format CS5 Prefs

[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/05/28 15:32:44 | 000,003,235 | ---- | C] () -- C:\Users\Edward\AppData\Local\Temp11.html

[2010/05/22 19:56:53 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys

[2010/05/18 11:44:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/05/17 22:58:14 | 000,000,315 | ---- | C] () -- C:\Windows\game.ini

[2010/05/16 23:25:43 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI

[2010/05/16 22:11:15 | 000,001,456 | ---- | C] () -- C:\Users\Edward\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs

[2010/05/15 11:27:41 | 000,005,925 | ---- | C] () -- C:\Users\Edward\AppData\Local\Temp14.html

[2010/05/14 21:53:40 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe

[2010/05/14 21:47:18 | 000,005,977 | ---- | C] () -- C:\Users\Edward\AppData\Local\Temp25.html

[2010/05/14 21:04:38 | 000,000,778 | ---- | C] () -- C:\Users\Edward\AppData\Local\Temp1.html

[2010/05/14 18:33:37 | 001,634,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/05/13 14:04:01 | 000,000,306 | ---- | C] () -- C:\Windows\lgfwup.ini

[2010/05/13 00:08:05 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010/05/13 00:08:04 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/05/13 00:07:56 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/05/13 00:07:56 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/05/13 00:07:52 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/05/12 23:38:31 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2010/05/12 22:33:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/08/27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

 

< End of report >

Posted

Do you know these programs (in bold), and do you still use them? Do you need them to start at the same time as Windows?

C:\Program Files (x86)\Winstep

C:\Program Files (x86)\FastStone Capture

C:\Portable Program Files\Gridy

What do you want to do with them, so that I can give you the next instructions?
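The question above comes from reading the file listings in the OTL report. The following is an added example, not part of the original thread and not OTL's own code: a small parser for that line format that pulls out Startup-folder entries and executables in C:\Windows with an empty company field. The sample lines are copied from the report above; the function names and the two triage rules are assumptions made for illustration.

```python
import re
from datetime import datetime

# One OTL file-listing line:
# [date time | size | attrs | M or C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")

def parse_line(line):
    """Return a dict for a file-listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],            # M = modified list, C = created list
        "company": m["company"].strip(),
        "path": m["path"].strip(),
    }

def triage(lines):
    """Flag entries worth a question to the user (heuristic, not a verdict)."""
    findings, seen = [], set()
    for line in lines:
        e = parse_line(line)
        if e is None or e["path"].lower() in seen:
            continue                  # same file can appear in both M and C lists
        p = e["path"].lower()
        if "\\start menu\\programs\\startup\\" in p:
            findings.append(("autostart", e["path"]))
        elif p.startswith("c:\\windows\\") and p.endswith(EXEC_EXT) and not e["company"]:
            # Empty company only means no version-info string; it is a prompt
            # to identify the file, not proof that it is malicious.
            findings.append(("no-company", e["path"]))
        else:
            continue
        seen.add(p)
    return findings

# Lines copied from the report on this page.
SAMPLE = r"""
[2011/05/03 15:57:06 | 000,000,834 | ---- | C] () -- C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gridy.lnk
[2011/05/03 07:39:29 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011/04/13 13:35:28 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 13:36:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/03 08:51:56 | 000,254,618 | ---- | C] () -- C:\Users\Edward\Desktop\26326-ToYcon.zip
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason:11} {path}")
```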

Posted

Hello lance_yien,

Yes, I know these programs, and I use them daily. I am going to keep them starting automatically.

I still haven't had any problem with the RAM.

Regards.

Posted

Hi again,

Then it's all good! :super:

>>> Run Defogger.exe and click Re-enable. Follow the instructions.

>>> Remove the utilities:

- To remove ComboFix, click Start => Run and type (or copy/paste) ComboFix /Uninstall (with a space between "ComboFix" and "/Uninstall"). Click OK.

This removes ComboFix along with the folders/files it installed and resets the restore points.

- Run OTL and click Purge outils. Let it work, then restart the PC.

- To remove the other utilities and their reports, right-click them => "Delete".

>>> Check/Enable UAC: Because more and more malware exploits the disabling of Windows UAC (User Account Control) (Vista and W7) to install rootkits, keep this module enabled even if it sometimes seems annoying:

Click "Start" => "Control Panel". Click "User Accounts..." => "Change User Account Control settings".

Set the slider as shown in the image.

uac-w7_fr.png

>>> Protect/Secure:

  • Check the firewall: A firewall is the first line of defense against intrusions.
    - The ones in Vista/Windows 7 may be sufficient; just check and enable if necessary from the "Security Center".
    - The one included in Windows XP does not control outbound Internet traffic, hence the importance of installing another one.
    Check and choose, if necessary, one of these (free): Online Armor Firewall, Sunbelt Personal Firewall, Outpost Firewall FREE.

  • Check and configure Windows updates:
    - Click HERE and install all critical updates after accepting the installation of the ActiveX control (if offered).
    - OR, click "Start" => "All Programs" => "Windows Update".
    - AND, opt (if not already done) for automatic updates at a time when you are sure your PC is not turned off.

    majwin7.png

  • Install Secunia PSI for software updates
  • Install Mes drivers for driver updates (click Lancer la détection)
  • Use PC Pitstop to optimize your PC (in English)
  • Back up the Registry with Erunt
    For obvious reasons, keep the backup copies on a medium other than the system disk.
  • Immunize your machine with Spyware Blaster, compatible with all 32-bit and 64-bit versions of Windows. Tutorial.
  • Vaccinate your machine and your removable media (USB sticks...) with MKV against "worms" (Autorun worms). Just plug in all removable media, run the program and click the Vaccination button (the action is reversible by clicking "Supprimer la vaccination").
  • Choose Firefox or Opera for everyday browsing and reserve Internet Explorer for updates and very specific cases.
  • Clean and defragment the partitions/disks regularly.

>>> What to AVOID ABSOLUTELY: Because there is always a free and legal program for practically anything you want, remove from your machine and stay away from anything that is:

  • Warez, cracks, keygens, etc. Stop believing that these programs are there just to please or to be helpful. You only have to browse the forums to see the number of PCs that have fallen victim to these programs.
  • P2P, *.torrent, etc.: Read "The danger of P2P" carefully.

>>> Add Resolved: Please edit your first post to add [Résolu] to the end of the title after clicking the "Edit" button.

Good luck!
