[Résolu] PC infecté, besoin d'aide

[Dahosdren]

Bonjour à tous,

 

Mon ordinateur rencontre quelques problemes en ce moment (le plus présent étant le fait de tourner à 15/20 ips sur des jeux ou je tournais normalement à 60/80), je me permet donc de vous présenter mon Hijackthis, ne sachant pas du tout comment l'interpréter.

 

En fait je suis pret à reformater mais, avant cela, je test tout autre chemin possible.

Merci infiniment à l'avance de l'aide que vous pourrez m'apporter.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:41:13, on 23/08/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:\Users\Dahosdren\AppData\Roaming\Imezow\cuomr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

C:\Program Files (x86)\League of Legends\RADS\system\rads_user_kernel.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Dahosdren\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [{ABC6E96B-CB3A-DE25-C49B-BD8FF3BC9A23}] C:\Users\Dahosdren\AppData\Roaming\Imezow\cuomr.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-1852225165-3505658590-2671374733-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1852225165-3505658590-2671374733-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\x64\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Printer Control - Unknown owner - C:\Windows\system32\PrintCtrl.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

 

 

Lien de mon ZHPdiag : Cijoint.fr - Service gratuit de dépôt de fichiers

 

 

Merci.

Modifié le 28 août 2011 par Dahosdren

[lance_yien]

Bonjour Dahosdren,

 

---

Très Important!

 

>>> A faire immédiatement:

- En haut de ce message cliquer sur le bouton "Suivre ce sujet", en choisissant "Notification immédiate" => "Soumettre" tu seras avisé en temps réel pour les réponses apportées à ton sujet et de ce fait, ta machine sera nettoyée dans les meilleurs délais.

Si à la place du bouton "Suivre ce sujet" tu as "Arrêter de suivre ce sujet", c'est que les réglages ont déjà été faits.

- Sauvegarder (en copiant) tous les documents personnels sur un support autre que la partition système: Clé USB, CD/DVD, Disque Dur externe etc.

 

>>> Que faire durant ce nettoyage: Merci de NE PAS utiliser, installer et/ou désinstaller aucun programme à part ceux qui sont proposés à chaque étape ce qui a pour but d'éviter tout problème d'incompatibilité entre les outils.

 

>>> Que faire à la réception de nouvelles instructions:

• Lire la totalité du message.
  
• Certains programmes peuvent créer des problèmes s'ils ne sont pas lancés depuis le Bureau. Aussi, il est demandé de les télécharger et enregistrer DIRECTEMENT sur le Bureau (ou les déplacer avant utilisation par un clic-droit dessus => "Couper" puis clic-droit sur le Bureau => "Coller").
  
• Procéder toujours dans l'ordre donné et demander des clarifications si nécessaire AVANT de commencer.
  
• NE PAS hésiter à commenter et signaler tout changement (en bien ou en mal) dans le comportement de la machine ou par rapport au problème initial.
  

>>> Comment répondre:

- Cliquer sur le bouton (et non sur car je n'ai pas besoin de relire mes messages précédents).

- Coller le contenu des rapports SANS y ajouter AUCUN formatage de texte (en citation, code, couleur etc...).

 

>>> Ne pas abandonner son sujet avant d'être informé(e) que tout est OK.

---

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment.

 

>>> Programmes P2P: Tout ce qui est lié aux applications type P2P/ Torrent est devenu de plus en plus dangereux pour les machines et les documents personnels et/ ou confidentiels qui y sont stockés.

Fini le partage entre des gens honnêtes. Les pirates, aussi, veulent partager avec le maximum d'internautes et mettent à disposition leurs applications partout où ils peuvent sous de faux noms aussi attractifs que possibles.

En plus le principe même de ce type de réseau n'est en rien bénéfique. Bien au contraire, vous autoriser tout le monde à utiliser votre bande passante et communiquer avec votre machine ce qui peut ralentir considérablement votre système et/ou peut faciliter la tâche aux intrus.

En adhérant à ce type de réseau, non seulement, vous ouvrez délibérément des portes à tout et n'importe quoi mais aussi, vous forcez votre pare-feu et antivirus à les tolérer (c'est compris dans la procédure d'installation). On s'étonne après de ce qui arrive ou on accuse son antivirus.

 

Prendre la sage décision de désinstaller tout programme de ce type en commençant par BitTorrent

 

 

>>> Utiliser ZHPFix:

 

• Sélectionner et copier le texte suivant:
   

  P2 - FPN:Firefox Plugin Navigator . (.Pinball Corporation. - ClickPotatoLite Firefox Plugin.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npclntax_ClickPotatoLiteSA.dll
  O42 - Logiciel: Plants vs. Zombies - (.PopCap Games.) [HKLM] -- Plants vs. Zombies
  [HKCU\Software\Moovida]
  [HKCU\Software\PopCap]
  [HKCU\Software\clickpotatolitesa]
  [HKLM\Software\ClickPotatoLite]
  [HKLM\Software\PopCap]
  O43 - CFD: 21/11/2010 - 21:56:34 - [0] ----D- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
  O43 - CFD: 29/11/2010 - 13:55:50 - [10414918] ----D- C:\ProgramData\ClickPotatoLiteSA
  O43 - CFD: 11/10/2010 - 16:34:30 - [33201515] ----D- C:\ProgramData\PopCap Games
  O43 - CFD: 21/11/2010 - 21:56:34 - [0] ----D- C:\Users\Dahosdren\AppData\Roaming\ClickPotatoLite
  O43 - CFD: 01/06/2011 - 11:13:44 - [1710992] ----D- C:\Users\Dahosdren\AppData\Roaming\moovida-1
  O43 - CFD: 21/11/2010 - 21:56:34 - [997525] ----D- C:\Program Files (x86)\ClickPotatoLite
  O43 - CFD: 13/10/2010 - 18:26:26 - [28847898] ----D- C:\Program Files (x86)\PopCap Games
  O53 - SMSR:HKLM\...\startupreg\ClickPotatoLiteSA [Key] . (.Pinball Corporation. - ClickPotato Search Assistant.) -- C:\Program Files (x86)\ClickPotatoLite\bin\10.0.622.0\ClickPotatoLiteSA.exe
  O53 - SMSR:HKLM\...\startupreg\system32 [Key] . (...) -- C:\Users\Dahosdren\AppData\Roaming\ms13s.exe (.not file.)
  [MD5.AEE02B9D3D9DFE2DFEC230ACE3804BA8] [sPRF][27/10/2010] (.Ask - Wrapper Application.) -- C:\Users\Dahosdren\AppData\Local\Temp\setup.exe [3056008]
  [MD5.6EB7CDF17324686B02D993531E76F1E6] [sPRF][26/10/2010] (.Ask - Wrapper Application.) -- C:\Users\Dahosdren\AppData\Local\Temp\uttD1F.tmp.exe [2944904]
  [HKLM\Software\WOW6432Node\Classes\AppID\MenuButtonIE.DLL]
  [HKLM\Software\WOW6432Node\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}]
  [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da}]
  [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}]
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}]
  [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}]
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  [HKLM\Software\WOW6432Node\ClickPotatoLite]
  [HKCU\Software\PopCap]
  [HKLM\Software\WOW6432Node\PopCap]
  [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
  C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
  C:\ProgramData\ClickPotatoLiteSA
  C:\ProgramData\PopCap Games
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clickpotato
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
  C:\Users\Dahosdren\AppData\Roaming\ClickPotatoLite
  C:\Users\Dahosdren\AppData\Local\Temp\AskSearch
  C:\Program Files (x86)\ClickPotatoLite
  C:\Program Files (x86)\PopCap Games
  M3 - MFPP: Plugins - [Dahosdren] -- C:\Users\Dahosdren\AppData\Roaming\Mozilla\Firefox\Profiles\6fw35odx.default\searchplugins\sweetim.xml
  M2 - MFEP: prefs.js [Dahosdren - 6fw35odx.default\{EEE6C361-6118-11DC-9C72-001320C79847}] [] SweetIM Toolbar for Firefox v1.2.0.2 (.SweetIM Technologies LTD..)
  [HKCU\Software\SweetIM]
  [HKLM\Software\SweetIM]
  O43 - CFD: 20/07/2011 - 21:01:24 - [57909] ----D- C:\Users\Dahosdren\AppData\Roaming\teamspeak2
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}]
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}]
  [HKCU\Software\SweetIM]
  [HKLM\Software\WOW6432Node\SweetIM]
  C:\Users\Dahosdren\AppData\Roaming\teamspeak2
  C:\Users\Dahosdren\AppData\Roaming\Mozilla\Firefox\Profiles\6fw35odx.default\SearchPlugins\sweetim.xml
  O42 - Logiciel: BitTorrent - (.Pas de propriétaire.) [HKLM] -- BitTorrent
  [HKCU\Software\BitTorrent]
  O43 - CFD: 15/08/2011 - 16:02:02 - [1550671] ----D- C:\Users\Dahosdren\AppData\Roaming\BitTorrent
  O43 - CFD: 26/10/2010 - 17:18:54 - [400760] ----D- C:\Program Files (x86)\BitTorrent
  O87 - FAEL: "TCP Query User{932A97EE-1797-46BF-9605-54F82D313980}C:\program files (x86)\bittorrent\bittorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\program files (x86)\bittorrent\bittorrent.exe
  O87 - FAEL: "UDP Query User{71965DEB-D022-46E5-BE6F-A3841271CF32}C:\program files (x86)\bittorrent\bittorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\program files (x86)\bittorrent\bittorrent.exe
  O87 - FAEL: "{72CBBE93-E893-429D-B18B-BC044EC34BAD}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
  O87 - FAEL: "{44169AA3-6734-48A6-BAC5-E5580A8D15A9}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe

• Lancer ZHPFix (raccourci sur le Bureau) et cliquer sur le bouton [H].
  
• Vérifier que toutes les lignes copiées (et rien d'autre) apparaissent dans la fenêtre (et disposées exactement de la même façon) et clique sur le bouton [OK] puis sur sur le bouton [Tous].
  
• Fermer toutes les applications et autres fenêtres en cours désactive (y compris Internet) et désactiver tous les programmes de protection (antivirus, pare-feu et antispyware).
  
• Enfin clique sur le bouton [Nettoyer] et laisser faire. Redémarrer le PC pour finir le nettoyage si demandé.

Copie/colle le contenu du rapport qui s'ouvre dans la prochaine réponse. Ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ZHPFixReport.txt.

 

 

Ensuite, télécharger sur le Bureau:

• ComboFix© (par sUBs) depuis ici ou ici
• Security Check (par screen317) depuis ici ou ici.

 

>>> ComboFix/Analyse: Fermer toutes les applications et fenêtres ouvertes, désactiver antivirus/ pare-feu/ antispyware et cliquer-droit sur ComboFix.exe => "Exécuter en tant qu'administrateur". Suivre les instructions.

NE PAS TOUCHER la machine avant la fin (même si les choses semblent ne pas avancer).

Quand c'est fini, un rapport (ComboFix.txt) s'affiche. Il est sauvegardé, automatiquement, à la racine de la partition système (généralement C:\). Poster son contenu.

 

 

>>> Utiliser SecurityCheck: Fermer toutes les fenêtres et applications ouvertes et cliquer-droit sur SecurityCheck.exe => "Exécuter en tant qu'administrateur" pour lancer le programme.

Appuyer sur une touche comme demandé et suivre les indications.

Si un des programmes de sécurité demande la permission d'accéder à Internet depuis "dig.exe", acceptez.

Le Rapport "checkup.txt" s'ouvre à la fin. Poster son contenu.

Ce rapport ne sera pas enregistré automatiquement. Si vous voulez en garder une copie, cliquez sur "Fichier" => "Enregistrer sous", choisissez un endroit (Bureau par exemple) et cliquez sur "Enregistrer" en bas à droite.

 

Rapports demandés:

• ZHPFixReport.tx
• ComboFix.txt
• checkup.txt

[Dahosdren]

Merci pour ton aide rapide, voici tous les rapports demandés.

 

ZHPfix : Cijoint.fr - Service gratuit de dépôt de fichiers

SecurityCheck : Cijoint.fr - Service gratuit de dépôt de fichiers

ComboFix : Cijoint.fr - Service gratuit de dépôt de fichiers

[Dahosdren]

Observation rapide : je m'aperçoit qu'un problème à dors et déjà disparu : le double "^^" en 1 seul click.

problème réglé je peut désormais mettre des trémas

si je m’aperçoit d'autre chose je vous tiens informés.

Merci

[lance_yien]

Merci de coller les rapports directement dans ton message comme demandé stp! ci-joint c'est uniquement quand c'est spécifié (parce que risque de dépassement des limites du forum).

[Dahosdren]

ok désolé autant pour moi, je me disais que ça allait être quelque peu long ^^

 

Rapport de ZHPFix 1.12.3357 par Nicolas Coolman, Update du 23/08/2011

Fichier d'export Registre :

Run by Dahosdren at 27/08/2011 16:55:21

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : ZHPFix Fix de rapport

 

========== Logiciel(s) ==========

ABSENT Software Key: Plants vs. Zombies

ABSENT Software Key: BitTorrent

 

========== Processus mémoire ==========

SUPPRIME Memory Process: C:\Users\Dahosdren\AppData\Local\Temp\setup.exe

SUPPRIME Memory Process: C:\Users\Dahosdren\AppData\Local\Temp\uttD1F.tmp.exe

 

========== Clé(s) du Registre ==========

SUPPRIME Key: HKCU\Software\Moovida

SUPPRIME Key: HKCU\Software\PopCap

SUPPRIME Key: HKCU\Software\clickpotatolitesa

ABSENT Key: HKLM\Software\ClickPotatoLite

ABSENT Key: HKLM\Software\PopCap

SUPPRIME Key**: StartupReg: ClickPotatoLiteSA

SUPPRIME Key**: StartupReg: system32

SUPPRIME Key: HKLM\Software\WOW6432Node\Classes\AppID\MenuButtonIE.DLL

SUPPRIME Key: HKLM\Software\WOW6432Node\Classes\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

SUPPRIME Key: HKLM\Software\WOW6432Node\ClickPotatoLite

SUPPRIME Key: HKLM\Software\WOW6432Node\PopCap

SUPPRIME Key: HKCU\Software\SweetIM

ABSENT Key: HKLM\Software\SweetIM

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}

SUPPRIME Key: HKLM\Software\WOW6432Node\SweetIM

SUPPRIME Key: HKCU\Software\BitTorrent

 

========== Valeur(s) du Registre ==========

SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}

SUPPRIME TCP Query User{932A97EE-1797-46BF-9605-54F82D313980}C:/program files (x86)/bittorrent/bittorrent.exe

SUPPRIME UDP Query User{71965DEB-D022-46E5-BE6F-A3841271CF32}C:/program files (x86)/bittorrent/bittorrent.exe

SUPPRIME {72CBBE93-E893-429D-B18B-BC044EC34BAD}

SUPPRIME {44169AA3-6734-48A6-BAC5-E5580A8D15A9}

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

SUPPRIME Folder: C:\ProgramData\ClickPotatoLiteSA

SUPPRIME Folder: C:\Users\Dahosdren\AppData\Roaming\ClickPotatoLite

SUPPRIME Folder: C:\Users\Dahosdren\AppData\Roaming\moovida-1

SUPPRIME Folder: c:\users\dahosdren\appdata\local\temp\asksearch

SUPPRIME Folder: C:\Users\Dahosdren\AppData\Roaming\Mozilla\Firefox\Profiles\6fw35odx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

SUPPRIME Folder: C:\Users\Dahosdren\AppData\Roaming\teamspeak2

SUPPRIME Folder: C:\Users\Dahosdren\AppData\Roaming\BitTorrent

 

========== Fichier(s) ==========

SUPPRIME c:\program files (x86)\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll

ABSENT File: c:\users\dahosdren\appdata\roaming\ms13s.exe

SUPPRIME File: c:\users\dahosdren\appdata\local\temp\setup.exe

SUPPRIME File: c:\users\dahosdren\appdata\local\temp\uttd1f.tmp.exe

ABSENT Folder/File: c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65

ABSENT Folder/File: c:\programdata\clickpotatolitesa

ABSENT Folder/File: c:\users\dahosdren\appdata\roaming\clickpotatolite

SUPPRIME c:\users\dahosdren\appdata\roaming\mozilla\firefox\profiles\6fw35odx.default\searchplugins\sweetim.xml

ABSENT Folder/File: c:\users\dahosdren\appdata\roaming\teamspeak2

ABSENT Folder/File: c:\users\dahosdren\appdata\roaming\mozilla\firefox\profiles\6fw35odx.default\searchplugins\sweetim.xml

 

 

========== Récapitulatif ==========

2 : Processus mémoire

23 : Clé(s) du Registre

5 : Valeur(s) du Registre

8 : Dossier(s)

10 : Fichier(s)

2 : Logiciel(s)

 

 

End of the scan in 00mn 24s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 27/08/2011 16:55:21 [4477]

 

 

_______________________________________________________________________________________________________________________________________

 

 

 

ComboFix 11-08-27.01 - Dahosdren 27/08/2011 17:00:09.1.2 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4091.2992 [GMT 2:00]

Lancé depuis: c:\users\Dahosdren\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

C:\Diskrun.exe

C:\Install.exe

c:\program files (x86)\ClickPotatoLite

c:\program files (x86)\ClickPotatoLite\bin\10.0.622.0\ClickPotatoLiteSAHook.dll

c:\program files (x86)\ClickPotatoLite\bin\10.0.622.0\firefox\extensions\install.rdf

c:\program files (x86)\ClickPotatoLite\bin\10.0.622.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll

c:\program files (x86)\INSTALL.LOG

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk

c:\programdata\Roaming

C:\system.bin

c:\system.bin\2C3F67F9599.exe

c:\system.bin\DDE05673720B92F

c:\users\Dahosdren\AppData\Roaming\Imezow

c:\users\Dahosdren\AppData\Roaming\Imezow\cuomr.exe

c:\users\Dahosdren\AppData\Roaming\k-one

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-07-27 au 2011-08-27 ))))))))))))))))))))))))))))))))))))

.

.

2011-08-27 15:06 . 2011-08-27 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-27 08:12 . 2011-08-27 08:12 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-08-27 08:07 . 2011-08-27 14:55 -------- d-----w- C:\ZHP

2011-08-27 08:07 . 2011-08-27 08:12 -------- d-----w- c:\program files (x86)\ZHPDiag

2011-08-27 08:03 . 2011-08-27 08:04 -------- d-----w- c:\programdata\NVIDIA

2011-08-27 08:01 . 2011-08-03 11:50 980072 ----a-w- c:\windows\system32\nvvsvc.exe

2011-08-27 08:01 . 2011-08-03 11:50 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-08-27 08:01 . 2011-08-03 11:50 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-08-27 08:01 . 2011-08-03 11:50 6136936 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-27 08:01 . 2011-08-03 11:50 335976 ----a-w- c:\windows\system32\nvhotkey.dll

2011-08-27 08:01 . 2011-08-03 11:50 3021416 ----a-w- c:\windows\system32\nvsvc64.dll

2011-08-27 08:01 . 2011-08-03 11:50 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-08-27 08:01 . 2011-08-03 11:50 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-27 08:01 . 2011-08-27 08:01 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-08-26 06:34 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA006534-8666-4CCD-A20E-1AF3815C7293}\mpengine.dll

2011-08-24 11:02 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 11:02 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-19 17:19 . 2011-08-19 17:19 -------- d-----w- c:\program files (x86)\FinalWire

2011-08-18 00:09 . 2011-08-18 00:19 -------- d-----w- c:\users\Dahosdren\AppData\Local\Ubisoft Game Launcher

2011-08-15 10:07 . 2011-08-15 10:07 -------- d-----w- c:\users\Dahosdren\AppData\Roaming\SPORE

2011-08-15 09:59 . 2011-08-15 09:59 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll

2011-08-14 18:30 . 2011-08-14 18:30 -------- d-----w- c:\program files (x86)\Microsoft WSE

2011-08-14 18:25 . 2011-08-15 09:55 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-08-14 14:08 . 2011-08-14 14:08 -------- d-----w- c:\users\Dahosdren\AppData\Roaming\GOA

2011-08-14 14:08 . 2011-08-14 14:08 -------- d-----w- c:\programdata\GOA

2011-08-14 14:05 . 2011-08-14 14:06 -------- d-----w- c:\program files (x86)\Little Folk of Faery

2011-08-14 13:58 . 2011-08-14 13:58 -------- d-----w- c:\programdata\Big Fish Games

2011-08-14 13:58 . 2011-08-14 13:58 -------- d-----w- c:\program files (x86)\bfgclient

2011-08-14 13:56 . 2011-08-14 14:08 -------- d-----w- C:\BigFishGamesCache

2011-08-12 10:35 . 2011-08-27 14:55 -------- d-----w- c:\users\Dahosdren\AppData\Roaming\Skype

2011-08-12 10:35 . 2011-08-12 10:35 -------- d-----r- c:\program files (x86)\Skype

2011-08-12 10:35 . 2011-08-12 10:35 -------- d-----w- c:\programdata\Skype

2011-08-10 13:03 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 13:03 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-03 20:58 . 2011-08-03 20:58 -------- d-----w- c:\windows\SysWow64\xlive

2011-08-03 20:58 . 2011-08-03 20:58 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE

2011-08-03 13:12 . 2011-08-03 13:12 -------- d-----w- c:\users\Dahosdren\AppData\Local\Ascaron Entertainment

2011-08-03 13:11 . 2011-08-03 13:11 -------- d-----w- c:\users\UpdatusUser

2011-08-03 13:10 . 2011-08-27 08:03 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2011-08-03 12:40 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-08-03 12:40 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-08-03 12:40 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-08-03 12:38 . 2011-08-03 12:38 419840 ----a-w- c:\windows\system32\wrap_oal.dll

2011-08-03 12:38 . 2011-08-03 12:38 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2011-08-03 12:38 . 2011-08-03 12:38 133632 ----a-w- c:\windows\system32\OpenAL32.dll

2011-08-03 12:38 . 2011-08-03 12:38 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-08-03 12:26 . 2011-08-03 12:26 -------- d-----w- c:\program files (x86)\Deep Silver

2011-08-03 12:26 . 2011-08-03 12:26 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-15 19:40 . 2011-05-21 15:46 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-08-15 19:40 . 2011-05-21 15:46 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-08-15 17:15 . 2011-05-21 15:46 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-07-20 18:56 . 2011-07-20 18:56 34064 ----a-w- c:\windows\SysWow64\lhacm.acm

2011-07-16 04:26 . 2011-08-10 13:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-01 08:34 . 2011-07-01 08:34 128512 ----a-w- c:\windows\RegBootClean64.exe

2011-06-19 07:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-19 07:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-11 03:07 . 2011-07-13 08:25 3137536 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [x]

R3 dc3d;Pilote de détection des périphériques Microsoft Hardware;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-02 16640]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-07-09 421376]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

R3 netw5v64;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 64 bits;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Dahosdren\AppData\Roaming\Mozilla\Firefox\Profiles\6fw35odx.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.fr

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Wow6432Node-HKCU-Run-{ABC6E96B-CB3A-DE25-C49B-BD8FF3BC9A23} - c:\users\Dahosdren\AppData\Roaming\Imezow\cuomr.exe

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

AddRemove-Anki - c:\program files (x86)\Anki\uninstall.exe

AddRemove-CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1 - c:\program files (x86)\Divinity II - DKS\unins000.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-1852225165-3505658590-2671374733-1000\Software\SecuROM\License information*]

"datasecu"=hex:d8,ff,88,6c,e0,41,09,2e,d5,93,df,b9,7a,20,2e,03,87,52,cf,40,85,

44,46,50,6e,4b,a0,fb,77,dc,de,dd,fe,34,68,20,63,8c,0d,d1,5b,70,49,6f,3a,b5,\

"rkeysecu"=hex:d1,f1,96,8c,26,51,97,65,50,fb,5f,f6,1d,57,49,84

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe

.

**************************************************************************

.

Heure de fin: 2011-08-27 17:12:27 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-08-27 15:12

.

Avant-CF: 82 466 545 664 octets libres

Après-CF: 92 246 089 728 octets libres

.

- - End Of File - - D6C8F4239917AF02920317BDC2CCF863

 

 

_______________________________________________________________________________________________________________________________________

 

 

 

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 26

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Modifié le 27 août 2011 par Dahosdren

[lance_yien]

Pas de soucis pour les rapports. Juste prendre le temps de lire et suivre les instructions

--

 

Bien des choses ont été enlevées. On continue!

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment.

 

>>> Installer un antivirus: Ton système ne semble pas avoir un antivirus. En installe un (SEUL) parmi les suivants (tous gratuits): Avast!, Avira AntiVir Personal – FREE Antivirus, AVG - FREE EDITION, Microsoft Security Essentials

 

 

>>> Vérifier/ Activer l'UAC: Parce qu'il y a de plus en plus de malware qui exploitent la désactivation de l'UAC (contrôle de compte utilisateur) de Windows (Vista et W7) pour installer des rootkits et parce que les pirates arrivent à le désactiver à distance pour prendre le contrôle d'une machine, garder ce module activé même s'il paraît, des fois, énervant. Ne leur facilitons pas la tâche.

Cliquer sur "Démarrer" => "Panneau de configuration". Cliquer sur " Comptes d'utilisateurs..." => "Modifier les paramètres de contrôle de compte utilisateur."

Régler le curseur comme indiqué ci-dessous:

 

 

 

>>> Vérifier le pare-feu de Windows et le réactiver si nécessaire depuis le Panneau de configuration.

 

 

>>> Analyse OTL: Télécharger, sur le Bureau OTL (par OldTimer) depuis ici ou ici.

Brancher et allumer tous les médias amovibles disponibles et susceptibles d'être infectés (DD externe, clés USB etc) et fermer toutes les applications et fenêtres ouvertes.

Cliquer-droit sur OTL.exe => "Exécuter en tant qu'administrateur" et copier/ coller ces lignes (commençant par netsvcs) dans l'espace sous "Personnalisation":

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Sans rien changer, cliquer sur le bouton bleu Analyse et laisser faire.

A la fin du scan, 2 rapports seront créés: "OTL.txt" (qui s'ouvre dans le bloc-note) et "Extras.txt" (qui sera minimisé dans la Barre des tâches).

Copier/ coller le contenu de chaque rapport dans une prochaine réponse, POSTER un seul par message parce qu'ils sont souvent très longs et dépassent la limite autorisée par le forum.

 

Rapports demandés:

• OTL.txt
• Extras.txt

[Dahosdren]

L'antivirus Comodo m'a été recommandé mais il n'est pas dans ta liste. Puis-je télécharger celui-là ou tu me recommande uniquement un de ta liste ?

Merci

[Dahosdren]

1er rapport OTL

 

 

OTL logfile created on: 27/08/2011 20:48:10 - Run 1

OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Dahosdren\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,00% Memory free

9,98 Gb Paging File | 8,78 Gb Available in Paging File | 87,98% Paging File free

Paging file location(s): c:\pagefile.sys 6135 6135 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298,09 Gb Total Space | 84,90 Gb Free Space | 28,48% Space Free | Partition Type: NTFS

Drive F: | 931,51 Gb Total Space | 518,91 Gb Free Space | 55,71% Space Free | Partition Type: NTFS

 

Computer Name: DAHOSDREN-PC | User Name: Dahosdren | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/08/27 20:26:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Dahosdren\Desktop\OTL.exe

PRC - [2011/08/03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/05/21 17:46:13 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/04/04 14:56:00 | 000,556,072 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe

PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/08/11 03:34:33 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3dd77b6d66cda1f160a7adbe7c0e01af\IAStorUtil.ni.dll

MOD - [2011/08/11 03:29:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll

MOD - [2011/08/11 03:28:40 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2011/08/11 03:28:34 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2011/08/11 03:28:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll

MOD - [2011/08/11 03:28:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2011/08/11 03:28:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2011/08/11 03:28:16 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2011/08/11 03:18:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4655321f01d2564f3c7acda08636ecc6\IAStorCommon.ni.dll

MOD - [2011/08/11 03:17:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2010/11/13 02:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/06/22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll

MOD - [2009/07/14 17:23:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/07/09 15:58:20 | 000,421,376 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\x64\maconfservice.exe -- (maconfservice)

SRV:64bit: - [2011/06/30 09:37:30 | 002,528,096 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2011/05/26 05:43:26 | 000,161,080 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)

SRV:64bit: - [2010/11/02 13:49:46 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/11/02 13:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/11/02 13:34:14 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/16 08:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Stopped] -- C:\Windows\SysNative\PrintCtrl.exe -- (Printer Control)

SRV - [2011/08/03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/21 17:46:13 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/03/09 16:40:13 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/07/02 14:33:48 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)

DRV:64bit: - [2011/06/30 09:38:08 | 000,016,016 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2011/05/26 11:29:24 | 000,397,600 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/09 04:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Pilote de carte de la série Intel®

DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/13 18:20:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2010/05/11 12:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Pilote de carte de liaison WiFi sans fil Intel®

DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2008/06/12 10:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)

DRV:64bit: - [2008/05/13 13:48:38 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)

DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 32 9A 1D C2 37 CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://google.fr"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.622.0

FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5

FF - prefs.js..extensions.enabledItems: rikaichan-jpfr@polarcloud.com:2.01.110409

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.622.0\firefox\extensions

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/19 17:39:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/27 16:54:56 | 000,000,000 | ---D | M]

 

[2010/09/30 18:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dahosdren\AppData\Roaming\mozilla\Extensions

[2011/08/27 16:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dahosdren\AppData\Roaming\mozilla\Firefox\Profiles\6fw35odx.default\extensions

[2011/06/18 11:49:33 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Dahosdren\AppData\Roaming\mozilla\Firefox\Profiles\6fw35odx.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}

[2011/06/01 17:55:56 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dahosdren\AppData\Roaming\mozilla\Firefox\Profiles\6fw35odx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2011/06/08 15:27:26 | 000,000,000 | ---D | M] (Rikaichan Japanese-French Dictionary File) -- C:\Users\Dahosdren\AppData\Roaming\mozilla\Firefox\Profiles\6fw35odx.default\extensions\rikaichan-jpfr@polarcloud.com

[2011/06/20 11:17:28 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Dahosdren\AppData\Roaming\mozilla\Firefox\Profiles\6fw35odx.default\extensions\zotero@chnm.gmu.edu

[2011/07/05 17:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/10/22 11:46:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/24 12:59:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/21 13:00:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/04/05 02:08:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/05 17:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\DAHOSDREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FW35ODX.DEFAULT\EXTENSIONS\{125AA783-EF4F-4515-A804-AA67116FDB43}.XPI

() (No name found) -- C:\USERS\DAHOSDREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FW35ODX.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI

[2011/08/19 17:39:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml

[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml

[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/08/27 17:07:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)

O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/04/30 23:34:21 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]

O32 - Unable to obtain root file information for disk F:\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/27 20:45:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO

[2011/08/27 20:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2011/08/27 20:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2011/08/27 20:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2011/08/27 20:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader

[2011/08/27 20:26:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Dahosdren\Desktop\OTL.exe

[2011/08/27 17:59:18 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\Documents\caméra

[2011/08/27 17:07:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011/08/27 16:59:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/08/27 16:59:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/08/27 16:59:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/08/27 16:59:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/08/27 16:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/27 10:07:40 | 000,000,000 | ---D | C] -- C:\ZHP

[2011/08/27 10:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

[2011/08/27 10:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2011/08/27 10:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2011/08/27 10:01:57 | 006,136,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2011/08/27 10:01:57 | 003,021,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2011/08/27 10:01:57 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2011/08/27 10:01:57 | 000,836,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll

[2011/08/27 10:01:57 | 000,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll

[2011/08/27 10:01:57 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2011/08/27 10:01:57 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2011/08/27 10:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2011/08/27 09:57:39 | 008,355,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2011/08/27 09:57:39 | 006,613,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2011/08/27 09:57:39 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2011/08/27 09:57:39 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2011/08/27 09:57:38 | 024,692,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2011/08/27 09:57:38 | 022,470,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2011/08/27 09:57:38 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2011/08/27 09:57:38 | 016,595,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2011/08/27 09:57:38 | 015,064,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2011/08/27 09:57:38 | 012,636,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2011/08/27 09:57:38 | 007,254,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2011/08/27 09:57:38 | 005,404,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2011/08/27 09:57:38 | 002,758,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2011/08/27 09:57:38 | 002,532,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2011/08/27 09:57:38 | 002,412,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2011/08/27 09:57:38 | 002,391,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2011/08/27 09:57:38 | 002,222,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2011/08/27 09:57:38 | 002,090,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2011/08/27 09:57:38 | 001,519,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll

[2011/08/27 09:57:38 | 001,453,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll

[2011/08/19 19:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire

[2011/08/18 02:19:30 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\Documents\Dust

[2011/08/18 02:09:59 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\AppData\Local\Ubisoft Game Launcher

[2011/08/18 02:08:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2011/08/18 02:08:08 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2011/08/18 02:08:08 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2011/08/18 02:08:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2011/08/18 02:08:07 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2011/08/18 02:08:07 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2011/08/18 02:08:07 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2011/08/18 02:08:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2011/08/18 02:08:07 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2011/08/18 02:08:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2011/08/18 02:08:07 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2011/08/18 02:08:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2011/08/18 02:08:07 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2011/08/18 02:08:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2011/08/18 02:08:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2011/08/18 02:08:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2011/08/15 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\Documents\Mes Créations

[2011/08/15 12:07:18 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\AppData\Roaming\SPORE

[2011/08/15 11:59:09 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2011/08/14 20:32:58 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\Documents\Electronic Arts

[2011/08/14 20:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE

[2011/08/14 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2011/08/14 16:08:26 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\AppData\Roaming\GOA

[2011/08/14 16:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\GOA

[2011/08/14 16:05:47 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Folk of Faery

[2011/08/14 16:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Folk of Faery

[2011/08/14 16:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Little Folk of Faery

[2011/08/14 15:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games

[2011/08/14 15:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient

[2011/08/14 15:56:15 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache

[2011/08/12 12:35:57 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\AppData\Roaming\Skype

[2011/08/12 12:35:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2011/08/12 12:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011/08/12 12:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2011/08/10 15:04:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2011/08/10 15:04:33 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2011/08/10 15:04:33 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2011/08/10 15:04:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2011/08/10 15:04:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2011/08/10 15:04:33 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2011/08/10 15:04:33 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2011/08/10 15:04:33 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2011/08/10 15:04:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2011/08/10 15:04:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2011/08/10 15:04:28 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2011/08/10 15:04:28 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2011/08/10 15:04:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2011/08/10 15:04:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2011/08/10 15:04:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2011/08/10 15:04:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2011/08/10 15:04:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2011/08/10 15:04:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2011/08/10 15:04:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2011/08/10 15:04:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2011/08/10 15:04:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2011/08/10 15:04:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2011/08/10 15:04:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2011/08/10 15:04:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2011/08/10 15:04:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2011/08/10 15:04:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2011/08/10 15:04:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2011/08/10 15:04:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2011/08/10 15:04:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2011/08/10 15:04:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2011/08/10 15:04:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2011/08/10 15:04:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2011/08/10 15:04:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2011/08/10 15:04:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2011/08/10 15:04:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2011/08/10 15:04:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2011/08/10 15:04:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2011/08/10 15:04:07 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/08/10 15:04:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/08/10 15:04:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/08/10 15:04:06 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/08/10 15:04:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/08/10 15:04:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/08/10 15:04:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/08/10 15:04:00 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2011/08/10 15:03:59 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011/08/10 15:03:59 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011/08/03 22:58:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive

[2011/08/03 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

[2011/08/03 15:12:18 | 000,000,000 | ---D | C] -- C:\Users\Dahosdren\AppData\Local\Ascaron Entertainment

[2011/08/03 15:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation

[2011/08/03 14:40:18 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2011/08/03 14:40:18 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2011/08/03 14:40:15 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2011/08/03 14:38:17 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2011/08/03 14:38:17 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2011/08/03 14:38:17 | 000,133,632 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2011/08/03 14:38:16 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2011/08/03 14:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver

[2011/08/03 14:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver

[2011/08/02 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/08/27 20:53:50 | 000,387,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2011/08/27 20:51:59 | 000,023,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/08/27 20:51:59 | 000,023,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/08/27 20:50:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/08/27 20:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/08/27 20:43:53 | 3217,244,160 | -HS- | M] () -- C:\hiberfil.sys

[2011/08/27 20:43:00 | 001,649,174 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/08/27 20:43:00 | 000,741,092 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2011/08/27 20:43:00 | 000,648,164 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/08/27 20:43:00 | 000,146,870 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2011/08/27 20:43:00 | 000,119,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/08/27 20:29:29 | 000,001,069 | ---- | M] () -- C:\Users\Dahosdren\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk

[2011/08/27 20:26:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Dahosdren\Desktop\OTL.exe

[2011/08/27 17:07:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/08/27 10:12:46 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/08/23 13:37:00 | 000,841,416 | ---- | M] () -- C:\Users\Dahosdren\AppData\Local\census.cache

[2011/08/23 13:36:51 | 000,102,603 | ---- | M] () -- C:\Users\Dahosdren\AppData\Local\ars.cache

[2011/08/21 12:10:26 | 005,601,781 | ---- | M] () -- C:\Users\Dahosdren\Documents\faune_australie.pdf

[2011/08/20 10:02:18 | 000,219,248 | ---- | M] () -- C:\Users\Dahosdren\Documents\Chaton Thomas 2.jpg

[2011/08/20 10:02:15 | 000,178,873 | ---- | M] () -- C:\Users\Dahosdren\Documents\Chaton Thomas 3.jpg

[2011/08/16 01:02:06 | 001,627,720 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/15 21:40:59 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011/08/15 21:40:59 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/08/15 19:15:40 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2011/08/15 11:59:09 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

[2011/08/12 10:42:01 | 000,100,700 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/08/11 03:06:57 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

[2011/08/03 14:42:36 | 000,291,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/08/03 14:38:17 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2011/08/03 14:38:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2011/08/03 14:38:17 | 000,133,632 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll

[2011/08/03 14:38:16 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll

[2011/08/03 13:50:00 | 024,692,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2011/08/03 13:50:00 | 022,470,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2011/08/03 13:50:00 | 017,193,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2011/08/03 13:50:00 | 016,595,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2011/08/03 13:50:00 | 015,064,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll

[2011/08/03 13:50:00 | 012,636,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll

[2011/08/03 13:50:00 | 008,355,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll

[2011/08/03 13:50:00 | 007,254,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2011/08/03 13:50:00 | 006,613,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2011/08/03 13:50:00 | 006,136,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll

[2011/08/03 13:50:00 | 005,404,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2011/08/03 13:50:00 | 003,021,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll

[2011/08/03 13:50:00 | 002,758,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll

[2011/08/03 13:50:00 | 002,560,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2011/08/03 13:50:00 | 002,532,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2011/08/03 13:50:00 | 002,412,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2011/08/03 13:50:00 | 002,391,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2011/08/03 13:50:00 | 002,222,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2011/08/03 13:50:00 | 002,090,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2011/08/03 13:50:00 | 001,519,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll

[2011/08/03 13:50:00 | 001,453,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll

[2011/08/03 13:50:00 | 000,836,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll

[2011/08/03 13:50:00 | 000,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhotkey.dll

[2011/08/03 13:50:00 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

[2011/08/03 13:50:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2011/08/03 13:50:00 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

[2011/08/03 13:50:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2011/08/03 13:50:00 | 000,007,383 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/08/27 20:50:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/08/27 20:30:54 | 000,045,297 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat

[2011/08/27 20:29:29 | 000,001,069 | ---- | C] () -- C:\Users\Dahosdren\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk

[2011/08/27 16:59:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/08/27 16:59:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/08/27 16:59:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/08/27 16:59:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/08/27 16:59:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/08/27 10:12:46 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2011/08/27 09:57:38 | 000,007,383 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb

[2011/08/23 13:37:00 | 000,841,416 | ---- | C] () -- C:\Users\Dahosdren\AppData\Local\census.cache

[2011/08/23 13:36:51 | 000,102,603 | ---- | C] () -- C:\Users\Dahosdren\AppData\Local\ars.cache

[2011/08/21 12:10:26 | 005,601,781 | ---- | C] () -- C:\Users\Dahosdren\Documents\faune_australie.pdf

[2011/08/20 10:02:15 | 000,219,248 | ---- | C] () -- C:\Users\Dahosdren\Documents\Chaton Thomas 2.jpg

[2011/08/20 10:02:12 | 000,178,873 | ---- | C] () -- C:\Users\Dahosdren\Documents\Chaton Thomas 3.jpg

[2011/08/14 20:29:40 | 001,627,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/14 15:58:11 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk

[2011/08/03 22:58:37 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk

[2011/07/14 08:09:34 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin

[2011/07/13 18:43:18 | 000,100,700 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011/07/11 22:48:35 | 662,794,240 | ---- | C] () -- C:\Program Files (x86)\heroes 4 cd 1.iso

[2011/07/11 22:48:27 | 189,761,536 | ---- | C] () -- C:\Program Files (x86)\heroes 4 cd 2.iso

[2011/07/01 10:34:24 | 000,128,512 | ---- | C] () -- C:\Windows\RegBootClean64.exe

[2011/07/01 10:26:53 | 000,000,036 | ---- | C] () -- C:\Users\Dahosdren\AppData\Local\housecall.guid.cache

[2011/06/24 08:52:28 | 000,000,392 | ---- | C] () -- C:\Windows\SysWow64\mail.dat

[2011/06/24 08:52:26 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\mess.dat

[2011/05/21 17:46:34 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/05/21 17:46:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/05/21 17:22:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/03/17 01:02:22 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/02/14 21:20:40 | 2781,708,288 | ---- | C] () -- C:\Program Files (x86)\CC3Kane.iso

[2011/02/14 20:58:44 | 3947,679,743 | ---- | C] () -- C:\Program Files (x86)\flt-cnc3.iso

[2010/11/04 21:29:33 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll

[2010/10/19 01:30:21 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\psfind.dll

[2010/10/17 23:17:04 | 000,039,271 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2010/10/15 18:03:28 | 000,000,017 | ---- | C] () -- C:\Users\Dahosdren\AppData\Local\resmon.resmoncfg

[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2008/01/19 17:11:08 | 000,164,352 | R--- | C] () -- C:\Windows\SysWow64\Unrar.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010/09/26 12:16:43 | 000,000,212 | -H-- | M] () -- C:\Boot.BAK

[2010/09/30 05:48:58 | 000,000,356 | RHS- | M] () -- C:\Boot.ini.saved

[2008/04/14 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2010/11/20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2010/09/30 16:39:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2011/08/27 20:43:53 | 3217,244,160 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2008/07/16 17:38:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/07/16 17:38:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 14:00:00 | 000,252,240 | RHS- | M] () -- C:\ntldr

[2011/08/27 20:43:58 | 2138,046,463 | -HS- | M] () -- C:\pagefile.sys

[2011/08/27 10:12:46 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/08/27 20:50:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2008/07/22 21:21:27 | 000,000,123 | -H-- | M] () -- C:\SWSTAMP.TXT

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %systemroot%\system32\drivers\*.sys /90 >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 

< End of report >

 

 

_____________________________________________________________________________________________________________________________________________

 

 

2ème rapport : Extras :

 

 

OTL Extras logfile created on: 27/08/2011 20:48:10 - Run 1

OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Dahosdren\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,00% Memory free

9,98 Gb Paging File | 8,78 Gb Available in Paging File | 87,98% Paging File free

Paging file location(s): c:\pagefile.sys 6135 6135 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 298,09 Gb Total Space | 84,90 Gb Free Space | 28,48% Space Free | Partition Type: NTFS

Drive F: | 931,51 Gb Total Space | 518,91 Gb Free Space | 55,71% Space Free | Partition Type: NTFS

 

Computer Name: DAHOSDREN-PC | User Name: Dahosdren | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Users\DAHOSD~1\AppData\Local\Temp\oCwR24UZVt.exe" = C:\Users\DAHOSD~1\AppData\Local\Temp\oCwR24UZVt.exe:*:Enabled:Windows Messanger

"C:\Users\DAHOSD~1\AppData\Local\Temp\oCwR24UZVt.exe" = C:\Users\DAHOSD~1\AppData\Local\Temp\oCwR24UZVt.exe:*:Enabled:Windows Messanger

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{4C97CB8A-C359-490D-A518-ED60D812E6C2}" = Ma-Config.com (64 bits)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{AF162E20-417F-4946-A06D-65734984957F}" = Logiciel Intel® PROSet/Wireless WiFi

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Pilote du contrôleur 3D Vision 280.19

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.4.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{E3015C78-C196-4039-A279-9959940083DE}" = O2Micro Flash Memory Card Reader Driver (x64)

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"ProInst" = Intel PROSet Wireless

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare 1.3 Patch

"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V

"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 26

"{2BB047B7-E613-4686-BE0C-E63BB26BE121}" = Sacred 2 - Elite

"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest

"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust

"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare 1.1 Patch

"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information

"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Les Sims Medieval

"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare 1.5 Patch

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1036-7B44-A70900000002}" = Adobe Reader 7.0.9 - Français

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare 1.2 Patch

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.08

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60

"Anki" = Anki

"ASIO4ALL" = ASIO4ALL

"BFGC" = Big Fish Games: Game Manager

"BFG-Little Folk of Faery" = Little Folk of Faery

"BitTorrent" = BitTorrent

"CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS

"COMODO GeekBuddy" = COMODO GeekBuddy

"Diablo II" = Diablo II

"FL Studio 10" = FL Studio 10

"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm

"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War

"HijackThis" = HijackThis 2.0.2

"IL Download Manager" = IL Download Manager

"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty® 4 - Modern Warfare 1.3 Patch

"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch

"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty® 4 - Modern Warfare 1.1 Patch

"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare

"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty® 4 - Modern Warfare 1.2 Patch

"Magic Workstation_is1" = Magic Workstation 0.94f

"Marvell Miniport Driver" = Marvell Miniport Driver

"Mozilla Firefox 6.0 (x86 fr)" = Mozilla Firefox 6.0 (x86 fr)

"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation

"Mumble" = Mumble and Murmur

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"Picasa 3" = Picasa 3

"Plants vs. Zombies" = Plants vs. Zombies

"StarCraft II" = StarCraft II

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"VLC media player" = VLC media player 1.0.1

"Warcraft III" = Warcraft III

"Winamp" = Winamp

"WinRAR archiver" = WinRAR archiver

"ZHPDiag_is1" = ZHPDiag 1.28

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Phonetik" = Phonetik

"Winamp Detect" = Détection de l'application Winamp

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Modifié le 27 août 2011 par Dahosdren

[lance_yien]

Bonjour,

 

Pas de problème pour l'antivirus, l'essentiel est d'en avoir un actif.

 

>>> Correction OTL: Fermer toute s les applications et fenêtres en cours et désactiver les programmes de protection (antivirus etc...).

Lancer OTL et copier/ coller la liste suivante (commençant par :OTL) dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très importants, merci de vérifier).

 

:OTL

FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.622.0

FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5

FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.622.0\firefox\extensions

() (No name found) -- C:\USERS\DAHOSDREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FW35ODX.DEFAULT\EXTENSIONS\{125AA783-EF4F-4515-A804-AA67116FDB43}.XPI

() (No name found) -- C:\USERS\DAHOSDREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6FW35ODX.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

:Services

 

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = -

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP

C:\Program Files (x86)\ClickPotatoLite

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur "Oui".

A la fin un rapport s'ouvre dans le bloc-note. Copier et le coller son contenu dans une nouvelle réponse. Fermer le rapport et OTL.

 

 

>>> Mises à jour: Toute ancienne version d'un programme quel qu'il soit peut comporter des vulnérabilités susceptibles d'être exploitées pour infecter un PC:

- Désinstaller[/b][/color] les vieilles versions de Flash Player avec cet utilitaire (en le téléchargeant sur le Bureau.

- Ensuite, installer la dernière version en cliquant ici. Décocher l'option "McAfee® Security Scan Plus gratuit (en option)" et cliquer sur Télécharger dès maintenant pour lancer le processus d'installation. Patienter jusqu'à la fin et supprimer le fichier uninstall_flash_player.exe

Répéter la 2ème étape pour chacun de vos navigateurs utilisés (IE, FF...).

 

 

Rapports demandés:

• OTL.txt

Autres symptômes à vérifier avant de conclure?