Request for analysis of Hijack and OTL reports


Post by ThomX45 » 16 Feb 2011, 10:51

Hello, I am sending you this request following an infection by a trojan and several network problems that I cannot manage to solve at home. I ran a disinfection with Kaspersky and produced an OTL report and a HijackThis report.
My system is Windows 7 64-bit. For some time now my hard drives have been starting to write without my asking them to. I looked for where this was coming from, but not being an expert I am not sure I have eradicated the threat. Maybe it is Windows 7 defragmenting the disks?
Malware report
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5772

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/02/2011 10:31:01
mbam-log-2011-02-16 (10-31-01).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 157623
Temps écoulé: 2 minute(s), 12 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


OTL report:
OTL logfile created on: 16/02/2011 10:46:34 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Nettoyeur
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 117,39 Gb Free Space | 25,20% Space Free | Partition Type: NTFS
Drive F: | 373,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,28 Gb Total Space | 640,68 Gb Free Space | 68,80% Space Free | Partition Type: FAT32

Computer Name: DAGOBABRAIN | User Name: Dagoba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/16 10:17:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Nettoyeur\OTL.exe
PRC - [2011/02/05 14:32:18 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010/12/05 14:01:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/06/07 04:56:14 | 000,113,976 | ---- | M] () -- C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2010/04/22 15:56:42 | 001,109,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
PRC - [2009/08/19 18:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/08/16 20:36:06 | 000,955,392 | ---- | M] (SFX TEAM) -- C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
PRC - [2009/04/23 14:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Nettoyeur\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Nettoyeur\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/02/16 10:17:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Nettoyeur\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/16 05:40:16 | 000,069,632 | ---- | M] () -- C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/20 15:16:28 | 000,326,144 | ---- | M] (CybelSoft) [Disabled | Stopped] -- C:\Program Files\ma-config.com\x64\maconfservice.exe -- (maconfservice)
SRV:64bit: - [2010/10/27 03:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/15 09:42:12 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/09/15 09:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/08/02 09:51:33 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Windows\Installer\MSI3509.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/02 18:53:38 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/08/19 18:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/02/12 12:16:00 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/01/16 02:43:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/01/16 02:43:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/12/25 02:27:23 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/25 02:27:23 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/12/25 02:27:21 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/12/25 02:27:10 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010/10/27 05:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/27 05:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/27 03:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/24 15:47:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/21 14:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/10/13 19:47:57 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2010/09/24 13:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/15 09:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/09/15 09:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/08/30 11:19:54 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV:64bit: - [2010/08/19 18:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/09 12:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/06/23 08:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/27 03:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/27 03:25:22 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV:64bit: - [2010/04/27 03:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/27 03:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/08 15:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/10/24 03:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/04/04 13:30:06 | 000,178,560 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHFFB5.sys -- (SaiHFFB5)
DRV:64bit: - [2008/04/04 13:30:06 | 000,020,864 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiIFFB5.sys -- (SaiIFFB5) Immersion's HID USB Driver (FFB5)
DRV:64bit: - [2007/12/11 03:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/03 03:20:54 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV - [2010/09/15 09:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/09/15 09:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008/02/15 15:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Utilitaires system\Live Update 4\LU4\Flashsys64.sys -- (FLASHSYS)
DRV - [2005/03/09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=par ... FFF0%3B&q={searchTerms}
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D D3 81 03 D0 25 CB 01 [binary data]
IE - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: freetvradio@spointer.com:3.0.1474.124
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\freetvradio@spointer.com: C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio@spointer.com [2010/07/18 00:25:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 16:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 16:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Thunderbird\components [2011/02/12 12:01:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt_2_x [2011/02/12 12:16:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt_3_1_x [2011/02/12 12:16:26 | 000,000,000 | ---D | M]

[2010/09/13 11:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dagoba\AppData\Roaming\mozilla\Extensions
[2010/07/17 23:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dagoba\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/25 02:26:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dagoba\AppData\Roaming\mozilla\Firefox\Profiles\l8e9xwmr.default\extensions
[2010/11/04 16:31:55 | 000,001,575 | ---- | M] () -- C:\Users\Dagoba\AppData\Roaming\Mozilla\Firefox\Profiles\l8e9xwmr.default\searchplugins\cherche.xml
[2011/02/15 10:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/06 09:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/16 10:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/14 09:34:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/13 10:01:05 | 000,000,000 | ---D | M] (Anti-bannière) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011/02/13 10:01:04 | 000,000,000 | ---D | M] (Analyse des liens (URL Advisor)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/07/18 00:25:35 | 000,000,000 | ---D | M] (Interest Recognizer for Freetvradio) -- C:\PROGRAM FILES (X86)\FREETVRADIO\SPOINTER\EXTENSIONS\FREETVRADIO@SPOINTER.COM
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/25 01:40:16 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/25 01:40:16 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/25 01:40:16 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/25 01:40:16 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/25 01:40:16 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/02/12 10:17:27 | 000,429,949 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Nettoyeur\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Interest recogniser for Freetvradio (powered by Spointer)) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll (Freetvradio)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Nettoyeur\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [MSIAfterburner] C:\Utilitaires system\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKLM..\Run: [RTSS] C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [SpybotSD TeaTimer] C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Nettoyeur\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Nettoyeur\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Nettoyeur\SpywareGuard\spywareguard.dll ()
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/24 16:47:53 | 000,000,041 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{364a6a75-df7e-11df-9d55-e0cb4eb8b63e}\Shell - "" = AutoRun
O33 - MountPoints2\{364a6a75-df7e-11df-9d55-e0cb4eb8b63e}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{767cc0f4-d904-11df-829e-e0cb4eb8b63e}\Shell - "" = AutoRun
O33 - MountPoints2\{767cc0f4-d904-11df-829e-e0cb4eb8b63e}\Shell\AutoRun\command - "" = I:\ICM_ML.exe
O33 - MountPoints2\{9f2af4a3-e009-11df-9eec-e0cb4eb8b63e}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2af4a3-e009-11df-9eec-e0cb4eb8b63e}\Shell\AutoRun\command - "" = F:\machinarium_install.exe -- [2010/03/15 15:28:14 | 000,708,255 | R--- | M] (Daedalic Entertainment )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/16 10:26:45 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Malwarebytes
[2011/02/16 10:26:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/16 10:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/16 10:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/16 10:26:35 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/16 10:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/02/16 10:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareGuard
[2011/02/16 10:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/02/16 10:01:49 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2011/02/16 09:09:56 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{EDAE28E9-52B4-47C4-9082-66C3B19921B7}
[2011/02/15 09:48:55 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{1527447F-1F52-45B9-A5B4-6542E31E2470}
[2011/02/14 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{8408EADB-EBB6-41A1-B8B3-1208C2767F94}
[2011/02/14 09:34:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/02/14 09:34:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/02/14 09:34:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/02/14 09:06:31 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{DAAA2B75-E0A2-44F0-8DF3-93F77DED89B7}
[2011/02/13 11:13:45 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011/02/13 11:05:10 | 002,155,443 | ---- | C] ( ) -- C:\Users\Public\Documents\ws-datarecovery_full542.exe
[2011/02/13 10:02:28 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{BC322BB9-CD09-4E15-8997-5420DAF9628C}
[2011/02/12 12:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
[2011/02/12 12:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/02/12 12:16:00 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/12 12:12:14 | 113,733,912 | ---- | C] (Kaspersky Lab) -- C:\Users\Public\Documents\kav11.0.1.400FR-INT.exe
[2011/02/12 09:59:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/12 09:59:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/12 09:59:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/12 09:59:54 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/12 09:59:54 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/12 09:59:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/12 09:59:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/12 09:59:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/12 09:59:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/12 09:59:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/12 09:59:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/12 09:59:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/12 09:59:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/12 09:59:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/12 09:59:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/12 09:59:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/12 09:59:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/12 09:59:31 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/12 09:59:31 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/12 09:59:31 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/12 09:59:30 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/12 09:59:29 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/12 09:59:29 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/12 09:59:29 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/12 09:59:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/12 09:51:45 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{5280EB3C-23FC-4B83-BA3E-E0C1286BC8E5}
[2011/02/11 13:24:57 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9A033424-A34B-4F85-98F7-EE3ED401A782}
[2011/02/10 13:47:20 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{83637CDE-616C-43F5-97C2-AC067DFA966C}
[2011/02/10 13:28:16 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{44232CCB-1ECD-45BE-BEAB-D8A98EC375E8}
[2011/02/09 13:34:59 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{80B7F78B-13B0-4332-B0B4-904069B96683}
[2011/02/08 17:36:17 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{39C6F313-2861-476D-8D59-AB70C8CEE1BE}
[2011/02/08 15:32:40 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{F2375F16-CA9F-4B05-B59A-B0FF34741BCE}
[2011/02/07 19:16:07 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/02/07 19:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/02/07 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/07 19:14:58 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Public\Documents\SkypeSetup.exe
[2011/02/07 15:16:16 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{7451A5E3-B143-49BC-B59F-33DB72ABCF9A}
[2011/02/07 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{7492B096-F592-4995-A1CE-E7530DF94E39}
[2011/02/07 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{76BC5E37-0CA9-4BCB-A290-98032858657E}
[2011/02/06 12:19:04 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{22CA6539-5257-47E5-BA27-B3BB4EB1EFC4}
[2011/02/06 00:18:38 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{F4E0AAE8-F614-47FE-8CED-006B8C71F014}
[2011/02/05 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamax Poker
[2011/02/05 13:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/02/05 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011/02/05 13:04:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011/02/05 13:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/02/05 12:47:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011/02/05 12:47:46 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\Documents\EA Games
[2011/02/05 12:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2011/02/05 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9B88B22B-042C-40DF-B9AE-60BC28949698}
[2011/02/05 11:03:27 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{38725971-861D-4728-9C34-953CE664AF0E}
[2011/02/04 11:28:21 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\2DBoy
[2011/02/04 11:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011/02/04 10:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\FreshGames
[2011/02/04 10:29:05 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{94245333-9372-4F6E-A9E7-F1E522E0F57B}
[2011/02/04 09:04:24 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{3FE7E04B-DBF6-42B2-9201-EF6CC3A8B08D}
[2011/02/03 23:51:32 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9A86F58C-C5B7-4392-B384-2CDA0322D0A6}
[2011/02/03 09:04:57 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{AB32769A-3F55-4B46-A7D2-38D062808999}
[2011/02/02 09:48:23 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{3222655A-B0AF-42F2-980A-17D91DA3AAD6}
[2011/02/02 09:41:12 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{06BC920F-5B29-43BD-B98C-F0A7F89A162E}
[2011/02/02 02:17:16 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adsl TV
[2011/02/02 02:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adslTV
[2011/02/01 23:15:43 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreePack
[2011/02/01 23:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePack
[2011/02/01 23:15:28 | 000,000,000 | ---D | C] -- C:\FreePack
[2011/02/01 22:17:30 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{3105569E-7EE5-4662-BCA1-8DA2881F30E9}
[2011/02/01 02:50:58 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9E39E9AA-2348-40EB-A99B-BC9A15D2D131}
[2011/01/31 10:23:05 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{2F749459-FB68-4D75-8C3F-36AC1DEF31F4}
[2011/01/31 09:05:14 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{6925D034-A516-484C-98A3-151E65D4E9E8}
[2011/01/30 11:18:25 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{05FEA034-F4AD-4DD3-AD2A-6F3B89D9C994}
[2011/01/30 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{8192398D-ACF6-4F5B-AD4C-3A1482F5A530}
[2011/01/30 10:34:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\backups
[2011/01/30 10:10:59 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C990ABD1-BC74-4AD0-BF9A-755B2D991F09}
[2011/01/30 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C5670200-EE32-438D-A6D1-38C050DF5F0B}
[2011/01/30 01:07:42 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{74A0C42B-7059-4045-81C1-603063252F3E}
[2011/01/29 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{FDD288FF-7DAB-4E15-B002-8BC1E133DFF8}
[2011/01/29 19:51:30 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Documents\HiJackThis.exe
[2011/01/29 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{0DDA5C49-084C-4F68-8829-A13AC48812A4}
[2011/01/29 12:10:51 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{DF79E665-AA50-4251-A886-E3252A5FE120}
[2011/01/29 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C4FDB10E-A973-4EC0-B314-D8BC505795EA}
[2011/01/28 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{85BB5BA4-46CB-47CE-BEE7-89DE3D2747D7}
[2011/01/27 17:56:12 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{754AEB21-8324-4D4E-B466-88A09562752B}
[2011/01/27 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{E5D07072-BD30-4F1F-A3F7-1F40B1CF74E6}
[2011/01/26 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{F03F767F-5CA7-48C1-ABF4-6B20E653F4E3}
[2011/01/25 16:09:27 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{382C3096-0B2C-4BB5-8D25-C8015CAA2F04}
[2011/01/25 13:19:44 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{BB83F9D0-F102-4EEA-A646-DAFA106CD070}
[2011/01/24 13:23:09 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{9EFF25F9-E9E6-4D01-9B12-3D0AAEF1050B}
[2011/01/23 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{AB770E2E-832B-4299-AD01-59F428A932E9}
[2011/01/23 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{1B6E242A-12C5-4AC8-A18C-714B28335E6A}
[2011/01/22 23:34:29 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{D6ADDC5D-E9E0-4D76-A13F-FCADC0A4CDCB}
[2011/01/22 11:34:00 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{2558A022-068D-44F3-A52C-967F478E8331}
[2011/01/22 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{6CBCCEDB-2945-4CF0-A3CA-F33FECFAAD07}
[2011/01/21 09:37:32 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{79790C9C-1CC4-4E60-846C-10689C0D0F17}
[2011/01/20 20:48:44 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{E709EA5E-FE4D-41B9-9380-486572555EDC}
[2011/01/20 09:14:00 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{67AC2C8A-D2EB-4EAB-B6F6-F19A90E9F25A}
[2011/01/19 20:48:34 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{CE730B98-A6B0-4C03-9029-2BECADF6D444}
[2011/01/19 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{B18AEB1E-574F-4445-B368-618D64EE815A}
[2011/01/18 22:08:35 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{472E7F43-AD79-4B25-B368-66C0D6EE7A3A}
[2011/01/18 09:50:28 | 000,000,000 | ---D | C] -- C:\Users\Dagoba\AppData\Local\{C0A6E3C5-0717-4C47-9D1F-A357F4A743D5}
[2010/05/10 11:09:04 | 003,982,928 | ---- | C] (Spotify Ltd) -- C:\Program Files\spotify.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dagoba\*.tmp files -> C:\Users\Dagoba\*.tmp -> ]

Re: Request for analysis of Hijack and OTL report

Post by ThomX45 » 18 Feb 2011, 08:38

OTL continued

========== Files - Modified Within 30 Days ==========

[2011/02/16 10:32:43 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/02/16 10:32:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/16 10:32:25 | 2616,594,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/16 10:26:39 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/16 10:02:33 | 000,000,758 | ---- | M] () -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/02/16 10:02:33 | 000,000,754 | ---- | M] () -- C:\Users\Dagoba\Desktop\SpywareGuard LiveUpdate.lnk
[2011/02/16 10:02:33 | 000,000,722 | ---- | M] () -- C:\Users\Dagoba\Desktop\SpywareGuard.lnk
[2011/02/16 10:01:50 | 000,000,774 | ---- | M] () -- C:\Users\Dagoba\Desktop\SpywareBlaster.lnk
[2011/02/13 11:13:29 | 003,462,033 | ---- | M] () -- C:\Users\Public\Documents\pci_filerecovery.exe
[2011/02/13 11:05:17 | 002,155,443 | ---- | M] ( ) -- C:\Users\Public\Documents\ws-datarecovery_full542.exe
[2011/02/12 20:15:51 | 001,488,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/12 20:15:51 | 000,679,858 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/02/12 20:15:51 | 000,594,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/12 20:15:51 | 000,121,186 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/02/12 20:15:51 | 000,099,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/12 12:33:25 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/12 12:33:25 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/12 12:16:00 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/12 12:13:16 | 113,733,912 | ---- | M] (Kaspersky Lab) -- C:\Users\Public\Documents\kav11.0.1.400FR-INT.exe
[2011/02/12 11:47:42 | 000,007,674 | ---- | M] () -- C:\Users\Dagoba\AppData\Local\Resmon.ResmonCfg
[2011/02/12 11:33:03 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/12 10:17:27 | 000,429,949 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/12 10:03:48 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/12 10:03:48 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/07 19:16:07 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/07 19:14:58 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Public\Documents\SkypeSetup.exe
[2011/02/07 18:10:55 | 000,830,488 | ---- | M] () -- C:\Users\Public\Documents\ProjetAntiMalware.pdf
[2011/02/06 13:00:17 | 000,001,660 | ---- | M] () -- C:\Users\Dagoba\Desktop\moh.exe - Raccourci.lnk
[2011/02/05 19:08:04 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Winamax Poker.lnk
[2011/02/05 14:32:27 | 000,001,827 | ---- | M] () -- C:\Users\Dagoba\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/02/05 14:32:27 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/02/05 12:14:26 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Machinarium.lnk
[2011/02/03 10:21:56 | 000,202,791 | ---- | M] () -- C:\Users\Public\Documents\Janvier_2011.pdf
[2011/02/02 02:17:16 | 000,000,893 | ---- | M] () -- C:\Users\Dagoba\Desktop\adsl TV.lnk
[2011/02/01 23:49:05 | 031,867,112 | ---- | M] () -- C:\Users\Public\Documents\setup-adsltv.exe
[2011/02/01 23:15:30 | 000,001,458 | ---- | M] () -- C:\Users\Dagoba\Desktop\-=FreePack=-.lnk
[2011/02/01 23:14:10 | 021,088,135 | ---- | M] () -- C:\Users\Public\Documents\FreePackInstall.exe
[2011/01/31 09:16:40 | 000,086,068 | ---- | M] () -- C:\Users\Public\Documents\Free demande prélevement.pdf
[2011/01/30 10:38:15 | 000,429,288 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110212-101727.backup
[2011/01/30 10:28:30 | 000,002,392 | ---- | M] () -- C:\Users\Dagoba\Desktop\HiJackThis.exe - Raccourci.lnk
[2011/01/29 19:51:30 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Documents\HiJackThis.exe
[2011/01/27 17:51:07 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/01/23 14:43:06 | 000,428,727 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110129-195058.backup
[2011/01/22 18:20:39 | 000,428,727 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110123-144306.backup
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dagoba\*.tmp files -> C:\Users\Dagoba\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/16 10:26:39 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/16 10:02:33 | 000,000,758 | ---- | C] () -- C:\Users\Dagoba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2011/02/16 10:02:33 | 000,000,754 | ---- | C] () -- C:\Users\Dagoba\Desktop\SpywareGuard LiveUpdate.lnk
[2011/02/16 10:02:33 | 000,000,722 | ---- | C] () -- C:\Users\Dagoba\Desktop\SpywareGuard.lnk
[2011/02/16 10:01:50 | 000,000,774 | ---- | C] () -- C:\Users\Dagoba\Desktop\SpywareBlaster.lnk
[2011/02/13 11:13:09 | 003,462,033 | ---- | C] () -- C:\Users\Public\Documents\pci_filerecovery.exe
[2011/02/12 12:16:55 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/12 12:16:55 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/07 19:16:07 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/02/07 18:10:55 | 000,830,488 | ---- | C] () -- C:\Users\Public\Documents\ProjetAntiMalware.pdf
[2011/02/06 13:00:17 | 000,001,660 | ---- | C] () -- C:\Users\Dagoba\Desktop\moh.exe - Raccourci.lnk
[2011/02/05 14:32:27 | 000,001,827 | ---- | C] () -- C:\Users\Dagoba\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/02/05 14:32:27 | 000,001,815 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/02/05 14:32:27 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/02/05 12:14:26 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\Machinarium.lnk
[2011/02/03 10:21:56 | 000,202,791 | ---- | C] () -- C:\Users\Public\Documents\Janvier_2011.pdf
[2011/02/02 22:46:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2011/02/02 02:17:16 | 000,000,893 | ---- | C] () -- C:\Users\Dagoba\Desktop\adsl TV.lnk
[2011/02/01 23:47:40 | 031,867,112 | ---- | C] () -- C:\Users\Public\Documents\setup-adsltv.exe
[2011/02/01 23:15:30 | 000,001,458 | ---- | C] () -- C:\Users\Dagoba\Desktop\-=FreePack=-.lnk
[2011/02/01 23:12:37 | 021,088,135 | ---- | C] () -- C:\Users\Public\Documents\FreePackInstall.exe
[2011/01/31 09:16:40 | 000,086,068 | ---- | C] () -- C:\Users\Public\Documents\Free demande prélevement.pdf
[2011/01/30 10:28:30 | 000,002,392 | ---- | C] () -- C:\Users\Dagoba\Desktop\HiJackThis.exe - Raccourci.lnk
[2010/12/15 16:29:14 | 000,004,608 | ---- | C] () -- C:\Users\Dagoba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/12 21:25:49 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2010/12/12 01:28:15 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\ASUSASV2.DLL
[2010/12/12 01:23:37 | 000,047,716 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/12/12 01:11:36 | 000,033,988 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/12/12 01:08:37 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/12/12 01:08:37 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/10 02:04:51 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\nladm.ini
[2010/10/26 13:10:45 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/15 09:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010/09/15 09:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010/09/15 09:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010/09/15 09:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/09/14 18:39:02 | 000,000,473 | ---- | C] () -- C:\Windows\ipwatch.ini
[2010/07/18 11:31:14 | 000,007,674 | ---- | C] () -- C:\Users\Dagoba\AppData\Local\Resmon.ResmonCfg
[2010/07/18 11:09:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/18 11:08:45 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/18 11:08:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/18 00:50:05 | 000,019,456 | ---- | C] () -- C:\Users\Dagoba\AppData\Local\WebpageIcons.db
[2010/07/17 19:15:25 | 000,090,873 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2009/10/06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/10/25 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\2K Sports
[2010/10/26 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Ableton
[2010/08/03 20:48:26 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\BitComet
[2010/11/08 01:58:07 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Cycling '74
[2010/10/24 15:55:10 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\DAEMON Tools Lite
[2010/10/26 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\DAEMON Tools Pro
[2010/07/18 00:33:16 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\freeTVRadio
[2010/12/19 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\gtk-2.0
[2010/10/26 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\MotioninJoy
[2010/07/17 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Opera
[2010/11/08 02:00:00 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\PACE Anti-Piracy
[2010/10/16 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\PC Suite
[2010/10/24 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Propellerhead Software
[2010/10/16 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Samsung
[2010/08/02 09:52:12 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Skinux
[2010/12/22 23:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Spore
[2011/02/12 14:22:50 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Spotify
[2010/11/07 01:50:37 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Steinberg
[2010/09/14 08:00:26 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\The Creative Assembly
[2010/07/17 23:14:10 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Thunderbird
[2011/01/16 02:48:07 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Ubisoft
[2010/10/10 00:24:25 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Unity
[2010/08/01 22:38:35 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
[2010/11/17 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Waves Audio
[2010/11/17 15:43:44 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Waves Preferences
[2010/10/23 17:06:20 | 000,000,000 | ---D | M] -- C:\Users\Dagoba\AppData\Roaming\Wormux
[2010/12/07 23:23:49 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1186 bytes -> C:\Users\Dagoba\AppData\Local\08AMbQoMI200L:Cs3JRST9yVKjjKVBm3xkfFw
@Alternate Data Stream - 1146 bytes -> C:\ProgramData\Microsoft:TqNxJcCNwqAwqeuS90oYZHkd
@Alternate Data Stream - 1103 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:aYwHaWhG3qN1fTYY8A
@Alternate Data Stream - 1048 bytes -> C:\ProgramData\Microsoft:L0W7L70usYrtGJJ6tvjxKFp

< End of report >

OTL Extras
OTL Extras logfile created on: 16/02/2011 10:46:34 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Nettoyeur
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 117,39 Gb Free Space | 25,20% Space Free | Partition Type: NTFS
Drive F: | 373,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,28 Gb Total Space | 640,68 Gb Free Space | 68,80% Space Free | Partition Type: FAT32

Computer Name: DAGOBABRAIN | User Name: Dagoba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{6EF9B1D9-57B0-439D-84E7-90CEFBAC4F4F}" = Ma-Config.com (64 bits)
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DADBFD45-EEDA-E6A4-469C-2F772132E251}" = ATI AVIVO64 Codecs
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Barre d'outils Bing
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.0 (DX11)
"{0D5FAD7E-C1A2-4753-8A28-346A5CD42813}" = Defense Grid: The Awakening
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2945BF05-EDBE-4EA7-8C3F-605E84678034}" = ArcSoft WebCam Companion 3
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{38470B46-9BF1-40AE-A588-F6AD6D1C2D42}" = Free TV Radio
"{3AFDD2C6-8663-46B5-B195-6CEB00D44768}" = adsl TV
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{4D96D2F0-8FB4-45C2-9B80-2DCB88016316}_is1" = Machinarium
"{5373B31F-9A82-5930-9776-91CC9398BA63}" = Winamax Poker
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.44 by Dormine
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F1C635-8EF7-4AF1-9844-14C8AC273BA1}" = ASUS VideoSecurity Online
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Afterburner" = MSI Afterburner 1.6.1
"BloodBowl_is1" = Blood Bowl 1.1.3.3
"Caprice32" = Caprice32
"FreePack" = FreePack
"HijackThis" = HijackThis 2.0.2
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"JDownloader" = JDownloader
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Live 8.2" = Live 8.2
"Liveupdate4_is1" = Liveupdate4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MyFreeCodec" = MyFreeCodec
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"Reason5_is1" = Reason 5.0
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 17390" = Spore
"Steam App 21090" = F.E.A.R.
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 38720" = RUSH
"Steam App 40800" = Super Meat Boy
"Steam App 45300" = Wings of Prey
"Steam App 46000" = Bob Came in Pieces
"Steam App 48120" = The Settlers 7: Paths to a Kingdom
"Steam App 62000" = Flight Control HD
"SuperCopier2" = SuperCopier2
"VLC media player" = VLC media player 1.0.1
"wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1" = Winamax Poker
"Waves API Collection" = Waves API Collection
"Waves Diamond Bundle 4.05" = Waves Diamond Bundle 4.05
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"yuPlay клиент_is1" = yuPlay client 0.7.17

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3284958602-256422042-1480232442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FreeTrack v2.2.0.279" = FreeTrack v2.2.0.279
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/02/2011 07:01:35 | Computer Name = DagobaBrain | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante avp.exe, version : 11.0.1.419, horodatage
: 0x4c866eb3 Nom du module défaillant : prloader.dll, version : 11.0.1.400, horodatage
: 0x4c2cd192 Code d’exception : 0xc00000fd Décalage d’erreur : 0x00022a47 ID du processus
défaillant : 0x34c Heure de début de l’application défaillante : 0x01cbcaa43310d371
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Kaspersky Lab\Kaspersky
Internet Security 2011\avp.exe Chemin d’accès du module défaillant: C:\Program Files
(x86)\Kaspersky Lab\Kaspersky Internet Security 2011\prloader.dll ID de rapport
: 74656aff-3697-11e0-aefd-e0cb4eb8b63e

Error - 12/02/2011 07:03:43 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 12/02/2011 12:53:15 | Computer Name = DagobaBrain | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\nettoyeur\spybot
- search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\nettoyeur\spybot - search & destroy\DelZip179.dll » à la ligne 8. La valeur
« * » de l’attribut « language » de l’élément « assemblyIdentity » n’est pas valide.

Error - 13/02/2011 05:00:53 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 13/02/2011 05:02:02 | Computer Name = DagobaBrain | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante TeaTimer.exe, version : 1.6.6.32,
horodatage : 0x2a425e19 Nom du module défaillant : TeaTimer.exe, version : 1.6.6.32,
horodatage : 0x2a425e19 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00006ddb
ID
du processus défaillant : 0x938 Heure de début de l’application défaillante : 0x01cbcb5c95854919
Chemin
d’accès de l’application défaillante : C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
Chemin
d’accès du module défaillant: C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
ID
de rapport : eb89493b-374f-11e0-a6d0-e0cb4eb8b63e

Error - 14/02/2011 04:05:23 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 14/02/2011 05:53:12 | Computer Name = DagobaBrain | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\nettoyeur\spybot
- search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\nettoyeur\spybot - search & destroy\DelZip179.dll » à la ligne 8. La valeur
« * » de l’attribut « language » de l’élément « assemblyIdentity » n’est pas valide.

Error - 15/02/2011 04:47:28 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 16/02/2011 04:08:35 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 16/02/2011 05:32:43 | Computer Name = DagobaBrain | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

[ System Events ]
Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:30 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:31 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:32 | Computer Name = DagobaBrain | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\libusb0.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/11/2010 17:19:42 | Computer Name = DagobaBrain | Source = Service Control Manager | ID = 7000
Description = Le service LibUsb-Win32 - Daemon, Version 0.1.10.1 n’a pas pu démarrer
en raison de l’erreur : %%2

Error - 23/11/2010 17:19:58 | Computer Name = DagobaBrain | Source = Service Control Manager | ID = 7000
Description = Le service Network LookOut Agent n’a pas pu démarrer en raison de
l’erreur : %%2


< End of report >
ThomX45

Posts: 5
Joined: 16 Feb 2011, 10:15

Re: Request for analysis of Hijack and OLT reports

Post by ThomX45 » 18 Feb 2011, 08:39

Hijack 1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:32, on 16/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\freeTVRadio\spointer\freetvradio_air.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Public\Documents\HiJackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [RTSS] "C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Utilitaires system\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - \\CHEWBACCA\SharedDocs\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10364 bytes

Re: Request for analysis of Hijack and OLT reports

Post by ThomX45 » 18 Feb 2011, 08:40

Hijack 2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:03, on 16/02/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
C:\Nettoyeur\SpywareGuard\sgmain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Nettoyeur\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Public\Documents\HiJackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Nettoyeur\SpywareGuard\dlprotect.dll
O2 - BHO: Interest recogniser for Freetvradio (powered by Spointer) - {4C4AD71D-52E1-4402-9E5B-CBFC295EC9BA} - C:\Program Files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [RTSS] "C:\Utilitaires system\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Utilitaires system\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Nettoyeur\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Nettoyeur\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\NETTOY~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Network LookOut Agent (NetworkLookOutAgent) - Unknown owner - \\CHEWBACCA\SharedDocs\Network LookOut Administrator Pro\bin\NLAgentProSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Nettoyeur\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10398 bytes

Re: Request for analysis of Hijack and OLT reports

Post by nickW » 20 Feb 2011, 01:51

Good evening,

Preliminary questions:

Is this an official (licensed) version of Windows 7?

Is SpywareGuard compatible with Windows 7?

Is SpywareGuard compatible with 64-bit Windows 7?



Listing the contents of certain folders:

Step 1: SystemLook (by jpshortstuff)
Download SystemLook from one of the two links below:
http://jpshortstuff.247fixes.com/SystemLook_x64.exe
http://images.malwareremoval.com/jpshor ... ok_x64.exe
Save this file to the Desktop.


Step 2: SystemLook (by jpshortstuff)
Right-click SystemLook_x64.exe on the Desktop, then choose "Run as administrator" to launch the tool.

Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys at the same time.
Code:
:comment
:dir
C:\Users\Dagoba\AppData\Local\{EDAE28E9-52B4-47C4-9082-66C3B19921B7} /s
C:\Users\Dagoba\AppData\Local\{1527447F-1F52-45B9-A5B4-6542E31E2470} /s
C:\Users\Dagoba\AppData\Local\{9A033424-A34B-4F85-98F7-EE3ED401A782} /s
C:\Users\Dagoba\AppData\Local\{76BC5E37-0CA9-4BCB-A290-98032858657E} /s
C:\Users\Dagoba\AppData\Local\{9A86F58C-C5B7-4392-B384-2CDA0322D0A6} /s
C:\Users\Dagoba\AppData\Local\{05FEA034-F4AD-4DD3-AD2A-6F3B89D9C994} /s
C:\Users\Dagoba\AppData\Local\{E5D07072-BD30-4F1F-A3F7-1F40B1CF74E6} /s
C:\Users\Dagoba\AppData\Local\{6CBCCEDB-2945-4CF0-A3CA-F33FECFAAD07} /s
C:\Users\Dagoba\AppData\Local\{C0A6E3C5-0717-4C47-9D1F-A357F4A743D5} /s




In the small SystemLook window, right-click in the white area and choose Paste.
Note: the lines selected earlier must have been copied into SystemLook's white area, including the colon character at the start of the first line.

Click the Look button to start the search.

When the tool has finished this search, a Notepad window opens.
Close Notepad.
Close SystemLook by clicking the Exit button.


Step 3: Result
Send in your reply:
*- the SystemLook report (contents of the SystemLook.txt file on the Desktop)

To be continued,
nickW

Re: Request for analysis of Hijack and OLT reports

Post by ThomX45 » 20 Feb 2011, 11:08

I think you already know about the Windows version? So yes, your doubts are entirely legitimate.
And thank you for replying.
Here is the SystemLook report:

SystemLook 04.09.10 by jpshortstuff
Log created at 11:04 on 20/02/2011 by Dagoba
Administrator - Elevation successful

========== dir ==========

C:\Users\Dagoba\AppData\Local\{EDAE28E9-52B4-47C4-9082-66C3B19921B7} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{1527447F-1F52-45B9-A5B4-6542E31E2470} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{9A033424-A34B-4F85-98F7-EE3ED401A782} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{76BC5E37-0CA9-4BCB-A290-98032858657E} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{9A86F58C-C5B7-4392-B384-2CDA0322D0A6} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{05FEA034-F4AD-4DD3-AD2A-6F3B89D9C994} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{E5D07072-BD30-4F1F-A3F7-1F40B1CF74E6} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{6CBCCEDB-2945-4CF0-A3CA-F33FECFAAD07} - Parameters: "/s"

---Files---
None found.

No folders found.

C:\Users\Dagoba\AppData\Local\{C0A6E3C5-0717-4C47-9D1F-A357F4A743D5} - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-

