
Request for analysis report: Hijack and OTL

Posted: 16 Feb 2011, 10:51
by ThomX45
Hello, I am sending you this request following an infection by a trojan and several network problems that I cannot manage to resolve at home. I ran a disinfection with Kaspersky, plus an OTL report and HijackThis.
My system is Windows 7 64-bit. For some time now my hard drives have been writing without my asking them to. I looked for where it was coming from, but not being an expert I am not sure I eradicated the threat. Maybe it is Windows 7 defragmenting the disks?
Malware report:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5772

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/02/2011 10:31:01
mbam-log-2011-02-16 (10-31-01).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 157623
Temps écoulé: 2 minute(s), 12 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


OTL report:
OTL logfile created on: 16/02/2011 10:46:34 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Nettoyeur
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 117,39 Gb Free Space | 25,20% Space Free | Partition Type: NTFS
Drive F: | 373,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,28 Gb Total Space | 640,68 Gb Free Space | 68,80% Space Free | Partition Type: FAT32

Computer Name: DAGOBABRAIN | User Name: Dagoba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/16 10:17:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Nettoyeur\OTL.exe
PRC - [2011/02/05 14:32:18 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010/12/05 14:01:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/06/07 04:56:14 | 000,113,976 | ---- | M] () -- C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2010/04/22 15:56:42 | 001,109,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
PRC - [2009/08/19 18:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/08/16 20:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
PRC - [2009/04/23 14:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Nettoyeur\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Nettoyeur\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/02/16 10:17:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Nettoyeur\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/16 05:40:16 | 000,069,632 | ---- | M] () -- C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/20 15:16:28 | 000,326,144 | ---- | M] (CybelSoft) [Disabled | Stopped] -- C:\Program Files\ma-config.com\x64\maconfservice.exe -- (maconfservice)
SRV:64bit: - [2010/10/27 03:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/15 09:42:12 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/09/15 09:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/08/02 09:51:33 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Windows\Installer\MSI3509.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/02 18:53:38 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/08/19 18:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/12 12:16:00 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/01/16 02:43:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/16 02:43:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/25 02:27:23 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/25 02:27:23 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/12/25 02:27:21 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/12/25 02:27:10 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010/10/27 05:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/27 05:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 03:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/24 15:47:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/21 14:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/10/13 19:47:57 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/09/24 13:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/15 09:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/09/15 09:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/08/30 11:19:54 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/09 12:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/06/23 08:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/27 03:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/27 03:25:22 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV:64bit: - [2010/04/27 03:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/27 03:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/08 15:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/10/24 03:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/04/04 13:30:06 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHFFB5.sys -- (SaiHFFB5)
DRV:64bit: - [2008/04/04 13:30:06 | 000,020,864 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiIFFB5.sys -- (SaiIFFB5) Immersion's HID USB Driver (FFB5)
DRV:64bit: - [2007/12/11 03:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/03 03:20:54 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV - [2010/09/15 09:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/09/15 09:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008/02/15 15:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Utilitaires system\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=par ... FFF0%3B&q={searchTerms}
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D D3 81 03 D0 25 CB 01 [binary data]
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: freetvradio@spointer.com:3.0.1474.124
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\freetvradio@spointer.com: C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio@spointer.com [2010/07/18 00:25:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 16:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 16:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Thunderbird\components [2011/02/12 12:01:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt_2_x [2011/02/12 12:16:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt_3_1_x [2011/02/12 12:16:26 | 000,000,000 | ---D | M]

[2010/09/13 11:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dagoba\AppData\Roaming\mozilla\Extensions
[2010/07/17 23:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dagoba\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/25 02:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dagoba\AppData\Roaming\mozilla\Firefox\Profiles\l8e9xwmr.default\extensions
[2010/11/04 16:31:55 | 000,001,575 | ---- | M] () -- C:\Users\Dagoba\AppData\Roaming\Mozilla\Firefox\Profiles\l8e9xwmr.default\searchplugins\cherche.xml
[2011/02/15 10:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/06 09:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/16 10:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/14 09:34:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/13 10:01:05 | 000,000,000 | ---D | M] (Anti-bannière) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/02/13 10:01:04 | 000,000,000 | ---D | M] (Analyse des liens (URL Advisor)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/07/18 00:25:35 | 000,000,000 | ---D | M] (Interest Recognizer for Freetvradio) -- C:\PROGRAM FILES (X86)\FREETVRADIO\SPOINTER\EXTENSIONS\FREETVRADIO@SPOINTER.COM
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 01:40:16 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/25 01:40:16 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/25 01:40:16 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/25 01:40:16 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/25 01:40:16 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/02/12 10:17:27 | 000,429,949 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14799 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Nettoyeur\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Interest recogniser for Freetvradio (powered by Spointer)) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll (Freetvradio)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Nettoyeur\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [MSIAfterburner] C:\Utilitaires system\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKLM..\Run: [RTSS] C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [SpybotSD TeaTimer] C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Nettoyeur\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Nettoyeur\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Nettoyeur\SpywareGuard\spywareguard.dll ()
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/24 16:47:53 | 000,000,041 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{364a6a75-df7e-11df-9d55-e0cb4eb8b63e}\Shell - "" = AutoRun
O33 - MountPoints2\{364a6a75-df7e-11df-9d55-e0cb4eb8b63e}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{767cc0f4-d904-11df-829e-e0cb4eb8b63e}\Shell - "" = AutoRun
O33 - MountPoints2\{767cc0f4-d904-11df-829e-e0cb4eb8b63e}\Shell\AutoRun\command - "" = I:\ICM_ML.exe
O33 - MountPoints2\{9f2af4a3-e009-11df-9eec-e0cb4eb8b63e}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2af4a3-e009-11df-9eec-e0cb4eb8b63e}\Shell\AutoRun\command - "" = F:\machinarium_install.exe -- [2010/03/15 15:28:14 | 000,708,255 | R--- | M] (Daedalic Entertainment )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 10:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Malwarebytes
[2011/02/16 10:26:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/16 10:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/16 10:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/16 10:26:35 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/16 10:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/02/16 10:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/02/16 10:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/02/16 10:01:49 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2011/02/16 09:09:56 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{EDAE28E9-52B4-47C4-9082-66C3B19921B7}
[2011/02/15 09:48:55 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{1527447F-1F52-45B9-A5B4-6542E31E2470}
[2011/02/14 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{8408EADB-EBB6-41A1-B8B3-1208C2767F94}
[2011/02/14 09:34:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/14 09:34:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/14 09:34:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/14 09:06:31 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{DAAA2B75-E0A2-44F0-8DF3-93F77DED89B7}
[2011/02/13 11:13:45 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/02/13 11:05:10 | 002,155,443 | ---- | C] ( ) -- C:\Users\Public\Documents\ws-datarecovery_full542.exe
[2011/02/13 10:02:28 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{BC322BB9-CD09-4E15-8997-5420DAF9628C}
[2011/02/12 12:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/02/12 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/02/12 12:16:00 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/12 12:12:14 | 113,733,912 | ---- | C] (Kaspersky Lab) -- C:\Users\Public\Documents\kav11.0.1.400FR-INT.exe
[2011/02/12 09:59:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/12 09:59:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/12 09:59:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/12 09:59:54 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/12 09:59:54 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/12 09:59:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/12 09:59:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/12 09:59:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/12 09:59:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/12 09:59:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/12 09:59:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/12 09:59:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/12 09:59:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/12 09:59:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/12 09:59:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/12 09:59:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/12 09:59:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/12 09:59:31 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/12 09:59:31 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/12 09:59:31 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/12 09:59:30 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/12 09:59:29 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/12 09:59:29 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/12 09:59:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/12 09:59:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/12 09:51:45 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{5280EB3C-23FC-4B83-BA3E-E0C1286BC8E5}
[2011/02/11 13:24:57 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9A033424-A34B-4F85-98F7-EE3ED401A782}
[2011/02/10 13:47:20 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{83637CDE-616C-43F5-97C2-AC067DFA966C}
[2011/02/10 13:28:16 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{44232CCB-1ECD-45BE-BEAB-D8A98EC375E8}
[2011/02/09 13:34:59 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{80B7F78B-13B0-4332-B0B4-904069B96683}
[2011/02/08 17:36:17 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{39C6F313-2861-476D-8D59-AB70C8CEE1BE}
[2011/02/08 15:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{F2375F16-CA9F-4B05-B59A-B0FF34741BCE}
[2011/02/07 19:16:07 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/02/07 19:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/07 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/07 19:14:58 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Public\Documents\SkypeSetup.exe
[2011/02/07 15:16:16 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{7451A5E3-B143-49BC-B59F-33DB72ABCF9A}
[2011/02/07 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{7492B096-F592-4995-A1CE-E7530DF94E39}
[2011/02/07 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{76BC5E37-0CA9-4BCB-A290-98032858657E}
[2011/02/06 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{22CA6539-5257-47E5-BA27-B3BB4EB1EFC4}
[2011/02/06 00:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{F4E0AAE8-F614-47FE-8CED-006B8C71F014}
[2011/02/05 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamax Poker
[2011/02/05 13:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/02/05 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/02/05 13:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011/02/05 13:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/02/05 12:47:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/02/05 12:47:46 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\Documents\EA Games
[2011/02/05 12:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2011/02/05 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9B88B22B-042C-40DF-B9AE-60BC28949698}
[2011/02/05 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{38725971-861D-4728-9C34-953CE664AF0E}
[2011/02/04 11:28:21 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\2DBoy
[2011/02/04 11:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011/02/04 10:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\FreshGames
[2011/02/04 10:29:05 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{94245333-9372-4F6E-A9E7-F1E522E0F57B}
[2011/02/04 09:04:24 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{3FE7E04B-DBF6-42B2-9201-EF6CC3A8B08D}
[2011/02/03 23:51:32 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9A86F58C-C5B7-4392-B384-2CDA0322D0A6}
[2011/02/03 09:04:57 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{AB32769A-3F55-4B46-A7D2-38D062808999}
[2011/02/02 09:48:23 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{3222655A-B0AF-42F2-980A-17D91DA3AAD6}
[2011/02/02 09:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{06BC920F-5B29-43BD-B98C-F0A7F89A162E}
[2011/02/02 02:17:16 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adsl TV
[2011/02/02 02:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adslTV
[2011/02/01 23:15:43 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreePack
[2011/02/01 23:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePack
[2011/02/01 23:15:28 | 000,000,000 | ---D | C] -- C:\FreePack
[2011/02/01 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{3105569E-7EE5-4662-BCA1-8DA2881F30E9}
[2011/02/01 02:50:58 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9E39E9AA-2348-40EB-A99B-BC9A15D2D131}
[2011/01/31 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{2F749459-FB68-4D75-8C3F-36AC1DEF31F4}
[2011/01/31 09:05:14 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{6925D034-A516-484C-98A3-151E65D4E9E8}
[2011/01/30 11:18:25 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{05FEA034-F4AD-4DD3-AD2A-6F3B89D9C994}
[2011/01/30 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{8192398D-ACF6-4F5B-AD4C-3A1482F5A530}
[2011/01/30 10:34:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\backups
[2011/01/30 10:10:59 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C990ABD1-BC74-4AD0-BF9A-755B2D991F09}
[2011/01/30 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C5670200-EE32-438D-A6D1-38C050DF5F0B}
[2011/01/30 01:07:42 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{74A0C42B-7059-4045-81C1-603063252F3E}
[2011/01/29 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{FDD288FF-7DAB-4E15-B002-8BC1E133DFF8}
[2011/01/29 19:51:30 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Documents\HiJackThis.exe
[2011/01/29 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{0DDA5C49-084C-4F68-8829-A13AC48812A4}
[2011/01/29 12:10:51 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{DF79E665-AA50-4251-A886-E3252A5FE120}
[2011/01/29 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C4FDB10E-A973-4EC0-B314-D8BC505795EA}
[2011/01/28 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{85BB5BA4-46CB-47CE-BEE7-89DE3D2747D7}
[2011/01/27 17:56:12 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{754AEB21-8324-4D4E-B466-88A09562752B}
[2011/01/27 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{E5D07072-BD30-4F1F-A3F7-1F40B1CF74E6}
[2011/01/26 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{F03F767F-5CA7-48C1-ABF4-6B20E653F4E3}
[2011/01/25 16:09:27 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{382C3096-0B2C-4BB5-8D25-C8015CAA2F04}
[2011/01/25 13:19:44 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{BB83F9D0-F102-4EEA-A646-DAFA106CD070}
[2011/01/24 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9EFF25F9-E9E6-4D01-9B12-3D0AAEF1050B}
[2011/01/23 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{AB770E2E-832B-4299-AD01-59F428A932E9}
[2011/01/23 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{1B6E242A-12C5-4AC8-A18C-714B28335E6A}
[2011/01/22 23:34:29 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{D6ADDC5D-E9E0-4D76-A13F-FCADC0A4CDCB}
[2011/01/22 11:34:00 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{2558A022-068D-44F3-A52C-967F478E8331}
[2011/01/22 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{6CBCCEDB-2945-4CF0-A3CA-F33FECFAAD07}
[2011/01/21 09:37:32 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{79790C9C-1CC4-4E60-846C-10689C0D0F17}
[2011/01/20 20:48:44 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{E709EA5E-FE4D-41B9-9380-486572555EDC}
[2011/01/20 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{67AC2C8A-D2EB-4EAB-B6F6-F19A90E9F25A}
[2011/01/19 20:48:34 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{CE730B98-A6B0-4C03-9029-2BECADF6D444}
[2011/01/19 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{B18AEB1E-574F-4445-B368-618D64EE815A}
[2011/01/18 22:08:35 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{472E7F43-AD79-4B25-B368-66C0D6EE7A3A}
[2011/01/18 09:50:28 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C0A6E3C5-0717-4C47-9D1F-A357F4A743D5}
[2010/05/10 11:09:04 | 003,982,928 | ---- | C] (Spotify Ltd) -- C:\Program Files\spotify.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dagoba\*.tmp files -> C:\Users\Dagoba\*.tmp -> ]

Re: Request for analysis of Hijack and OLT reports

Posted: 18 Feb 2011, 08:38
by ThomX45
OTL, continued

========== Files - Modified Within 30 Days ==========

[2011/02/16 10:32:43 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/02/16 10:32:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/16 10:32:25 | 2616,594,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/16 10:26:39 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/16 10:02:33 | 000,000,758 | ---- | M] () -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/02/16 10:02:33 | 000,000,754 | ---- | M] () -- C:\Users\Dagoba\Desktop\SpywareGuard LiveUpdate.lnk
[2011/02/16 10:02:33 | 000,000,722 | ---- | M] () -- C:\Users\Dagoba\Desktop\SpywareGuard.lnk
[2011/02/16 10:01:50 | 000,000,774 | ---- | M] () -- C:\Users\Dagoba\Desktop\SpywareBlaster.lnk
[2011/02/13 11:13:29 | 003,462,033 | ---- | M] () -- C:\Users\Public\Documents\pci_filerecovery.exe
[2011/02/13 11:05:17 | 002,155,443 | ---- | M] ( ) -- C:\Users\Public\Documents\ws-datarecovery_full542.exe
[2011/02/12 20:15:51 | 001,488,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/12 20:15:51 | 000,679,858 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/02/12 20:15:51 | 000,594,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/12 20:15:51 | 000,121,186 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/02/12 20:15:51 | 000,099,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/12 12:33:25 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/12 12:33:25 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/12 12:16:00 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/12 12:13:16 | 113,733,912 | ---- | M] (Kaspersky Lab) -- C:\Users\Public\Documents\kav11.0.1.400FR-INT.exe
[2011/02/12 11:47:42 | 000,007,674 | ---- | M] () -- C:\Users\Dagoba\AppData\Local\Resmon.ResmonCfg
[2011/02/12 11:33:03 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/12 10:17:27 | 000,429,949 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/12 10:03:48 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/12 10:03:48 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/07 19:16:07 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/07 19:14:58 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Public\Documents\SkypeSetup.exe
[2011/02/07 18:10:55 | 000,830,488 | ---- | M] () -- C:\Users\Public\Documents\ProjetAntiMalware.pdf
[2011/02/06 13:00:17 | 000,001,660 | ---- | M] () -- C:\Users\Dagoba\Desktop\moh.exe - Raccourci.lnk
[2011/02/05 19:08:04 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk
[2011/02/05 14:32:27 | 000,001,827 | ---- | M] () -- C:\Users\Dagoba\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/02/05 14:32:27 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/02/05 12:14:26 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Machinarium.lnk
[2011/02/03 10:21:56 | 000,202,791 | ---- | M] () -- C:\Users\Public\Documents\Janvier_2011.pdf
[2011/02/02 02:17:16 | 000,000,893 | ---- | M] () -- C:\Users\Dagoba\Desktop\adsl TV.lnk
[2011/02/01 23:49:05 | 031,867,112 | ---- | M] () -- C:\Users\Public\Documents\setup-adsltv.exe
[2011/02/01 23:15:30 | 000,001,458 | ---- | M] () -- C:\Users\Dagoba\Desktop\-=FreePack=-.lnk
[2011/02/01 23:14:10 | 021,088,135 | ---- | M] () -- C:\Users\Public\Documents\FreePackInstall.exe
[2011/01/31 09:16:40 | 000,086,068 | ---- | M] () -- C:\Users\Public\Documents\Free demande prélevement.pdf
[2011/01/30 10:38:15 | 000,429,288 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110212-101727.backup
[2011/01/30 10:28:30 | 000,002,392 | ---- | M] () -- C:\Users\Dagoba\Desktop\HiJackThis.exe - Raccourci.lnk
[2011/01/29 19:51:30 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Documents\HiJackThis.exe
[2011/01/27 17:51:07 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/01/23 14:43:06 | 000,428,727 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110129-195058.backup
[2011/01/22 18:20:39 | 000,428,727 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110123-144306.backup
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dagoba\*.tmp files -> C:\Users\Dagoba\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/16 10:26:39 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/16 10:02:33 | 000,000,758 | ---- | C] () -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/02/16 10:02:33 | 000,000,754 | ---- | C] () -- C:\Users\Dagoba\Desktop\SpywareGuard LiveUpdate.lnk
[2011/02/16 10:02:33 | 000,000,722 | ---- | C] () -- C:\Users\Dagoba\Desktop\SpywareGuard.lnk
[2011/02/16 10:01:50 | 000,000,774 | ---- | C] () -- C:\Users\Dagoba\Desktop\SpywareBlaster.lnk
[2011/02/13 11:13:09 | 003,462,033 | ---- | C] () -- C:\Users\Public\Documents\pci_filerecovery.exe
[2011/02/12 12:16:55 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/12 12:16:55 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/07 19:16:07 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/07 18:10:55 | 000,830,488 | ---- | C] () -- C:\Users\Public\Documents\ProjetAntiMalware.pdf
[2011/02/06 13:00:17 | 000,001,660 | ---- | C] () -- C:\Users\Dagoba\Desktop\moh.exe - Raccourci.lnk
[2011/02/05 14:32:27 | 000,001,827 | ---- | C] () -- C:\Users\Dagoba\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/02/05 14:32:27 | 000,001,815 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/02/05 14:32:27 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/02/05 12:14:26 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\Machinarium.lnk
[2011/02/03 10:21:56 | 000,202,791 | ---- | C] () -- C:\Users\Public\Documents\Janvier_2011.pdf
[2011/02/02 22:46:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2011/02/02 02:17:16 | 000,000,893 | ---- | C] () -- C:\Users\Dagoba\Desktop\adsl TV.lnk
[2011/02/01 23:47:40 | 031,867,112 | ---- | C] () -- C:\Users\Public\Documents\setup-adsltv.exe
[2011/02/01 23:15:30 | 000,001,458 | ---- | C] () -- C:\Users\Dagoba\Desktop\-=FreePack=-.lnk
[2011/02/01 23:12:37 | 021,088,135 | ---- | C] () -- C:\Users\Public\Documents\FreePackInstall.exe
[2011/01/31 09:16:40 | 000,086,068 | ---- | C] () -- C:\Users\Public\Documents\Free demande prélevement.pdf
[2011/01/30 10:28:30 | 000,002,392 | ---- | C] () -- C:\Users\Dagoba\Desktop\HiJackThis.exe - Raccourci.lnk
[2010/12/15 16:29:14 | 000,004,608 | ---- | C] () -- C:\Users\Dagoba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/12 21:25:49 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/12 01:28:15 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSASV2.DLL
[2010/12/12 01:23:37 | 000,047,716 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/12 01:11:36 | 000,033,988 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/12/12 01:08:37 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/12 01:08:37 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/10 02:04:51 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\nladm.ini
[2010/10/26 13:10:45 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/15 09:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010/09/15 09:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010/09/15 09:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010/09/15 09:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/09/14 18:39:02 | 000,000,473 | ---- | C] () -- C:\Windows\ipwatch.ini
[2010/07/18 11:31:14 | 000,007,674 | ---- | C] () -- C:\Users\Dagoba\AppData\Local\Resmon.ResmonCfg
[2010/07/18 11:09:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/18 11:08:45 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/18 11:08:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/18 00:50:05 | 000,019,456 | ---- | C] () -- C:\Users\Dagoba\AppData\Local\WebpageIcons.db
[2010/07/17 19:15:25 | 000,090,873 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2009/10/06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/10/25 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\2K Sports
[2010/10/26 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Ableton
[2010/08/03 20:48:26 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\BitComet
[2010/11/08 01:58:07 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Cycling '74
[2010/10/24 15:55:10 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\DAEMON Tools Lite
[2010/10/26 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\DAEMON Tools Pro
[2010/07/18 00:33:16 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\freeTVRadio
[2010/12/19 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\gtk-2.0
[2010/10/26 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\MotioninJoy
[2010/07/17 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Opera
[2010/11/08 02:00:00 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\PACE Anti-Piracy
[2010/10/16 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\PC Suite
[2010/10/24 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Propellerhead Software
[2010/10/16 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Samsung
[2010/08/02 09:52:12 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Skinux
[2010/12/22 23:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Spore
[2011/02/12 14:22:50 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Spotify
[2010/11/07 01:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Steinberg
[2010/09/14 08:00:26 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\The Creative Assembly
[2010/07/17 23:14:10 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Thunderbird
[2011/01/16 02:48:07 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Ubisoft
[2010/10/10 00:24:25 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Unity
[2010/08/01 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
[2010/11/17 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Waves Audio
[2010/11/17 15:43:44 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Waves Preferences
[2010/10/23 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Wormux
[2010/12/07 23:23:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1186 bytes -> C:\Users\Dagoba\AppData\Local\08AMbQoMI200L:Cs3JRST9yVKjjKVBm3xkfFw
@Alternate Data Stream - 1146 bytes -> C:\ProgramData\Microsoft:TqNxJcCNwqAwqeuS90oYZHkd
@Alternate Data Stream - 1103 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:aYwHaWhG3qN1fTYY8A
@Alternate Data Stream - 1048 bytes -> C:\ProgramData\Microsoft:L0W7L70usYrtGJJ6tvjxKFp

< End of report >

OTL Extras
OTL Extras logfile created on: 16/02/2011 10:46:34 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Nettoyeur
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 117,39 Gb Free Space | 25,20% Space Free | Partition Type: NTFS
Drive F: | 373,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,28 Gb Total Space | 640,68 Gb Free Space | 68,80% Space Free | Partition Type: FAT32

Computer Name: DAGOBABRAIN | User Name: Dagoba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{6EF9B1D9-57B0-439D-84E7-90CEFBAC4F4F}" = Ma-Config.com (64 bits)
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DADBFD45-EEDA-E6A4-469C-2F772132E251}" = ATI AVIVO64 Codecs
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Barre d'outils Bing
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.0 (DX11)
"{0D5FAD7E-C1A2-4753-8A28-346A5CD42813}" = Defense Grid: The Awakening
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2945BF05-EDBE-4EA7-8C3F-605E84678034}" = ArcSoft WebCam Companion 3
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}" = Free TV Radio
"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{5373B31F-9A82-5930-9776-91CC9398BA63}" = Winamax Poker
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F1C635-8EF7-4AF1-9844-14C8AC273BA1}" = ASUS VideoSecurity Online
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Afterburner" = MSI Afterburner 1.6.1
"BloodBowl_is1" = Blood Bowl 1.1.3.3
"Caprice32" = Caprice32
"FreePack" = FreePack
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"JDownloader" = JDownloader
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Live 8.2" = Live 8.2
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MyFreeCodec" = MyFreeCodec
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"Reason5_is1" = Reason 5.0
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17390" = Spore
"Steam App 21090" = F.E.A.R.
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 38720" = RUSH
"Steam App 40800" = Super Meat Boy
"Steam App 45300" = Wings of Prey
"Steam App 46000" = Bob Came in Pieces
"Steam App 48120" = The Settlers 7: Paths to a Kingdom
"Steam App 62000" = Flight Control HD
"SuperCopier2" = SuperCopier2
"VLC media player" = VLC media player 1.0.1
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"Waves API Collection" = Waves API Collection
"Waves Diamond Bundle 4.05" = Waves Diamond Bundle 4.05
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"yuPlay клиент_is1" = yuPlay client 0.7.17

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/02/2011 07:01:35 | Computer Name = DagobaBrain | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante avp.exe, version : 11.0.1.419, horodatage
: 0x4c866eb3 Nom du module défaillant : prloader.dll, version : 11.0.1.400, horodatage
: 0x4c2cd192 Code d’exception : 0xc00000fd Décalage d’erreur : 0x00022a47 ID du processus
défaillant : 0x34c Heure de début de l’application défaillante : 0x01cbcaa43310d371
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Kaspersky Lab\Kaspersky
Internet Security 2011\avp.exe Chemin d’accès du module défaillant: C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security 2011\prloader.dll ID de rapport
: 74656aff-3697-11e0-aefd-e0cb4eb8b63e

Error - 12/02/2011 07:03:43 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 12/02/2011 12:53:15 | Computer Name = DagobaBrain | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\nettoyeur\spybot
- search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\nettoyeur\spybot - search & destroy\DelZip179.dll » à la ligne 8. La valeur
« * » de l’attribut « language » de l’élément « assemblyIdentity » n’est pas valide.

Error - 13/02/2011 05:00:53 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 13/02/2011 05:02:02 | Computer Name = DagobaBrain | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante TeaTimer.exe, version : 1.6.6.32,
horodatage : 0x2a425e19 Nom du module défaillant : TeaTimer.exe, version : 1.6.6.32,
horodatage : 0x2a425e19 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00006ddb
ID
du processus défaillant : 0x938 Heure de début de l’application défaillante : 0x01cbcb5c95854919
Chemin
d’accès de l’application défaillante : C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
Chemin
d’accès du module défaillant: C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
ID
de rapport : eb89493b-374f-11e0-a6d0-e0cb4eb8b63e

Error - 14/02/2011 04:05:23 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 14/02/2011 05:53:12 | Computer Name = DagobaBrain | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\nettoyeur\spybot
- search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\nettoyeur\spybot - search & destroy\DelZip179.dll » à la ligne 8. La valeur
« * » de l’attribut « language » de l’élément « assemblyIdentity » n’est pas valide.

Error - 15/02/2011 04:47:28 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 16/02/2011 04:08:35 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 16/02/2011 05:32:43 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

[ System Events ]
Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:31 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:32 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:42 | Computer Name = DagobaBrain | Source = Service Control Manager | ID = 7000
Description = Le service LibUsb-Win32 - Daemon, Version 0.1.10.1 n’a pas pu démarrer
en raison de l’erreur : %%2

Error - 23/11/2010 17:19:58 | Computer Name = DagobaBrain | Source = Service Control Manager | ID = 7000
Description = Le service Network LookOut Agent n’a pas pu démarrer en raison de
l’erreur : %%2


< End of report >

Re: Request for Hijack and OLT analysis report

Posted: 18 Feb 2011, 08:39
by ThomX45
Hijack 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:32, on 16/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\freeTVRadio\spointer\freetvradio_air.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Public\Documents\HiJackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [RTSS] "C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Utilitaires system\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - \\CHEWBACCA\SharedDocs\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10364 bytes

Re: Request for analysis report, Hijack and OLT

Posted: 18 Feb 2011, 08:40
by ThomX45
Hijack 2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:03, on 16/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
C:\Nettoyeur\SpywareGuard\sgmain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Nettoyeur\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Public\Documents\HiJackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Nettoyeur\SpywareGuard\dlprotect.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [RTSS] "C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Utilitaires system\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Nettoyeur\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - \\CHEWBACCA\SharedDocs\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10398 bytes

Re: Request for analysis report, Hijack and OLT

Posted: 20 Feb 2011, 01:51
by nickW
Good evening,

Preliminary questions:

Is this an official (licensed) version of Windows 7?

Is SpywareGuard compatible with Windows 7?

Is SpywareGuard compatible with 64-bit Windows 7?


Listing the contents of certain folders:

Step 1: SystemLook (by jpshortstuff)
Download SystemLook from one of the two links below:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
http://images.malwareremoval.com/jpshor ... ok_x64.exe
Save this file to the Desktop.


Step 2: SystemLook (by jpshortstuff)
Right-click SystemLook_x64.exe on the Desktop, then choose "Run as administrator" to launch the tool.

Select all the lines in the white area below "Code:" and press the Ctrl and C keys at the same time.
Code:
:comment
:dir
C:\Users\Dagoba\AppData\Local\{EDAE28E9-52B4-47C4-9082-66C3B19921B7} /s
C:\Users\Dagoba\AppData\Local\{1527447F-1F52-45B9-A5B4-6542E31E2470} /s
C:\Users\Dagoba\AppData\Local\{9A033424-A34B-4F85-98F7-EE3ED401A782} /s
C:\Users\Dagoba\AppData\Local\{76BC5E37-0CA9-4BCB-A290-98032858657E} /s
C:\Users\Dagoba\AppData\Local\{9A86F58C-C5B7-4392-B384-2CDA0322D0A6} /s
C:\Users\Dagoba\AppData\Local\{05FEA034-F4AD-4DD3-AD2A-6F3B89D9C994} /s
C:\Users\Dagoba\AppData\Local\{E5D07072-BD30-4F1F-A3F7-1F40B1CF74E6} /s
C:\Users\Dagoba\AppData\Local\{6CBCCEDB-2945-4CF0-A3CA-F33FECFAAD07} /s
C:\Users\Dagoba\AppData\Local\{C0A6E3C5-0717-4C47-9D1F-A357F4A743D5} /s




In the small SystemLook window, right-click in the white area and choose Paste.
Note: the lines selected earlier must have been copied into SystemLook's white area, including the colon character at the start of the first line.

Click the Look button to start the search.

When the tool has finished this search, a Notepad window opens.
Close Notepad.
Close SystemLook by clicking the Exit button.


Step 3: Result
Post in your reply:
*- the SystemLook report (contents of the SystemLook.txt file on the Desktop)

To be continued,

Re: Request for analysis report, Hijack and OLT

Posted: 20 Feb 2011, 11:08
by ThomX45
I think you already know about the Windows version? So yes, your doubts are entirely legitimate.
And thank you for replying.
Here is the SystemLook report:

SystemLook 04.09.10 by jpshortstuff
Log created at 11:04 on 20/02/2011 by Dagoba
Administrator - Elevation successful

========== dir ==========

C:\Users\Dagoba\AppData\Local\{EDAE28E9-52B4-47C4-9082-66C3B19921B7} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{1527447F-1F52-45B9-A5B4-6542E31E2470} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{9A033424-A34B-4F85-98F7-EE3ED401A782} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{76BC5E37-0CA9-4BCB-A290-98032858657E} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{9A86F58C-C5B7-4392-B384-2CDA0322D0A6} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{05FEA034-F4AD-4DD3-AD2A-6F3B89D9C994} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{E5D07072-BD30-4F1F-A3F7-1F40B1CF74E6} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{6CBCCEDB-2945-4CF0-A3CA-F33FECFAAD07} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{C0A6E3C5-0717-4C47-9D1F-A357F4A743D5} - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-