[Réglé]perte de volume mensuelle inexpliqué • page 2

jeanmimigab · le 10 Jan 2010 12:10

Bonjours les amis,

6OGB EN UNE journée !!!

Même si il y a des traces d'infections sur ton pc, ce n'est pas cette infection qui est responsable de volume de données :-?

Vérifie plutôt avec l'aide de ton fournisseur d'accès que ta connexion soit bien sécurisé ( une clef WEP se craque en moins de 15 minutes aujourd'hui).

On va désinfecter ton pc, mais je ne suis pas sur que cela règle ce souci de volume de données téléchargées.

le fait que tu sois en 64 bits va nous limiter dans le choix des outils :cry:

Fais cela stp...

Télécharge >> TFC.exe << impérativement sur ton bureau

Ferme tous les programmes en cour de fonctionnement...

Fait un double-clic sur l'icône de TFC pour le lancer

Une demande va apparaitre pour te demander de redémarrer ton pc, cliques sur "YES" et laisse faire TFC.

ensuite....

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Output" (en haut à droite) la case "minimal Output" soit cochée.

* Coches les case situées devant "Scan All Users", " LOP Check" et "Purity Check".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "Custom scanx/fixes"

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "RunScan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

@++ :wink:

johan · le 10 Jan 2010 22:27

bonsoir tout le monde ,

alors d'abord merci a jeanmimigab pour tes explications , clairs,nets et précises

donc pour ce qui est de la clef web elle est bien sécurisée notre fournisseur (belgacom) nous avaient proposé de resécuriser le wifi il y a 3,4jours de cela , nous l'avons fait ...

-pour ce qui est de : TFC.exe je l'ai utilisé, le pc a redémarré. aucune fenetre n'est apparu au redémarrage de TFC est-ce normale ?

-ici je vais te mettre les 2 rapports de OTL : un "OTL.Txt" et un "Extras.Txt"

Code: Tout sélectionner: [color=#FF0000]OTL.Txt :[/color] OTL logfile created on: 10/01/2010 21:50:40 - Run 1 OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\johan\Desktop\l4d 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 279,46 Gb Total Space | 100,91 Gb Free Space | 36,11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-DE-JOHAN Current User Name: johan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\johan\Desktop\l4d\OTL.exe File not found PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe () PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe (ASUS) PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe () [color=#E56717]========== Modules (SafeList) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe () SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe () SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 14:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV:[b]64bit:[/b] - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV:[b]64bit:[/b] - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:[b]64bit:[/b] - (VaneFltr) -- C:\Windows\SysNative\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd) DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (CSC) -- C:\Windows\CSC [2009/07/03 19:01:14 | 00,000,000 | ---D | M] DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (ULCDRHlp) -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys (Ulead Systems, Inc.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-280336447-1400752313-1936199459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/ IE - HKU\S-1-5-21-280336447-1400752313-1936199459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-280336447-1400752313-1936199459-1000\S-1-5-21-280336447-1400752313-1936199459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/17 14:14:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/07 19:08:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/07 19:08:46 | 00,000,000 | ---D | M] [2009/08/08 14:49:01 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\mozilla\Extensions [2010/01/10 19:39:07 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\mozilla\Firefox\Profiles\u3v7tc9x.default\extensions [2009/12/17 00:09:58 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\johan\AppData\Roaming\mozilla\Firefox\Profiles\u3v7tc9x.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/12/19 13:41:17 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2009/11/01 13:28:14 | 00,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml [2009/11/01 13:28:14 | 00,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2009/11/01 13:28:14 | 00,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml [2009/11/01 13:28:14 | 00,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2009/11/01 13:28:14 | 00,000,652 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-280336447-1400752313-1936199459-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3:[b]64bit:[/b] - HKU\S-1-5-21-280336447-1400752313-1936199459-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-280336447-1400752313-1936199459-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-280336447-1400752313-1936199459-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-280336447-1400752313-1936199459-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O22:[b]64bit:[/b] - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/10/30 12:37:31 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found [b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found [b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2008/01/21 04:05:52 | 00,000,000 | ---D | M] NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/21 04:07:48 | 00,000,000 | ---D | M] NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/01/10 21:35:10 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\johan\Desktop\TFC.exe [2010/01/10 21:33:59 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\Users\johan\Desktop\OTL.exe [2010/01/09 15:15:34 | 00,000,000 | ---D | C] -- C:\Users\johan\Documents\NPS [2010/01/09 15:02:52 | 00,000,000 | ---D | C] -- C:\Users\johan\AppData\Roaming\PC Suite [2010/01/09 15:02:52 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010/01/09 15:01:57 | 00,066,560 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll [2010/01/09 15:01:56 | 00,029,184 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010/01/09 15:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX [2010/01/09 15:01:55 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010/01/09 15:01:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers [2010/01/09 15:01:18 | 00,024,064 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe [2010/01/09 15:01:18 | 00,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys [2010/01/09 15:01:18 | 00,000,000 | ---D | C] -- C:\Users\johan\Documents\My NPS Files [2010/01/09 15:01:14 | 00,000,000 | ---D | C] -- C:\Users\johan\AppData\Roaming\Samsung [2010/01/09 15:01:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010/01/07 20:03:19 | 00,000,000 | ---D | C] -- C:\Users\johan\AppData\Roaming\Malwarebytes [2010/01/07 20:03:15 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/01/07 20:03:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/01/07 20:03:13 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/01/07 20:03:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/01/07 18:12:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Eye On Network [2009/12/26 21:08:58 | 00,000,000 | ---D | C] -- C:\Users\johan\Documents\BioWare [2009/12/26 15:31:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya [2009/12/25 23:15:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2009/12/21 12:07:43 | 04,990,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVStWiz.exe [2009/12/20 17:46:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2009/12/20 17:46:12 | 00,000,000 | ---D | C] -- C:\Users\johan\AppData\Roaming\SystemRequirementsLab [2009/12/19 13:41:10 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2009/12/19 13:41:10 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2009/12/19 13:41:10 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2009/12/19 13:41:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2009/12/19 13:37:21 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2009/12/17 00:18:29 | 00,000,000 | ---D | C] -- C:\Program Files\WhoCrashed [2009/12/16 22:27:31 | 00,000,000 | ---D | C] -- C:\Windows\registration [2009/12/12 19:33:01 | 00,000,000 | ---D | C] -- C:\Users\johan\Documents\Aspyr [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/01/10 21:48:34 | 03,543,696 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2010/01/10 21:48:34 | 01,547,106 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2010/01/10 21:48:34 | 01,546,886 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2010/01/10 21:48:34 | 01,498,122 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010/01/10 21:48:34 | 01,477,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/01/10 21:48:34 | 01,264,020 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2010/01/10 21:48:34 | 01,250,122 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2010/01/10 21:48:34 | 01,241,556 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat [2010/01/10 21:48:34 | 01,125,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/01/10 21:48:34 | 01,087,234 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2010/01/10 21:48:34 | 00,982,664 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2010/01/10 21:48:34 | 00,979,854 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2010/01/10 21:48:34 | 00,975,988 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010/01/10 21:48:34 | 00,954,840 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat [2010/01/10 21:48:34 | 00,954,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/01/10 21:48:34 | 00,954,678 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2010/01/10 21:48:34 | 00,954,672 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat [2010/01/10 21:47:55 | 09,437,184 | -HS- | M] () -- C:\Users\johan\ntuser.dat [2010/01/10 21:42:01 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/10 21:42:01 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/10 21:42:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/10 21:41:59 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/10 21:41:06 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{13c3a35a-fa30-11de-9bb0-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/10 21:41:06 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{13c3a35a-fa30-11de-9bb0-00248c750f4e}.TM.blf [2010/01/10 21:41:04 | 03,875,339 | -H-- | M] () -- C:\Users\johan\AppData\Local\IconCache.db [2010/01/10 21:35:21 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\johan\Desktop\TFC.exe [2010/01/10 21:34:00 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\Users\johan\Desktop\OTL.exe [2010/01/10 21:28:00 | 00,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-280336447-1400752313-1936199459-1000UA.job [2010/01/08 19:38:07 | 00,000,881 | ---- | M] () -- C:\Users\johan\Desktop\snifle - Raccourci.lnk [2010/01/08 19:33:42 | 00,000,886 | ---- | M] () -- C:\Users\johan\Desktop\sniffle - Raccourci.lnk [2010/01/08 11:27:47 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/07 21:00:05 | 00,588,679 | ---- | M] () -- C:\Users\johan\Documents\Sans titre.wma [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/01/05 23:05:04 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{13c3a35a-fa30-11de-9bb0-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/05 21:06:01 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5b92fc4c-fa29-11de-8d94-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/05 21:06:01 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5b92fc4c-fa29-11de-8d94-00248c750f4e}.TM.blf [2010/01/05 20:26:20 | 00,001,460 | ---- | M] () -- C:\Users\johan\AppData\Local\d3d9caps64.dat [2010/01/05 20:00:21 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5b92fc4c-fa29-11de-8d94-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/05 19:56:54 | 08,912,896 | -HS- | M] () -- C:\Users\johan\ntuser.dat_previous [2010/01/05 19:56:53 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5c719c0d-fa26-11de-bc1e-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/05 19:56:53 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5c719c0d-fa26-11de-bc1e-00248c750f4e}.TM.blf [2010/01/05 19:29:06 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5c719c0d-fa26-11de-bc1e-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/05 19:19:41 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5b57fccf-f881-11de-98f6-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/05 19:19:41 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5b57fccf-f881-11de-98f6-00248c750f4e}.TM.blf [2010/01/03 22:16:34 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{5b57fccf-f881-11de-98f6-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/03 17:06:05 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{78c76580-f5fa-11de-bcf7-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/03 17:06:05 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{78c76580-f5fa-11de-bcf7-00248c750f4e}.TM.blf [2009/12/31 20:41:44 | 00,000,680 | ---- | M] () -- C:\Users\johan\AppData\Local\d3d9caps.dat [2009/12/31 20:24:38 | 00,011,776 | ---- | M] () -- C:\Users\johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/31 12:11:15 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{78c76580-f5fa-11de-bcf7-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/31 12:04:57 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{60e2b1bc-f555-11de-938c-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/31 12:04:57 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{60e2b1bc-f555-11de-938c-00248c750f4e}.TM.blf [2009/12/30 21:22:10 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{60e2b1bc-f555-11de-938c-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/30 21:19:40 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{eda6eb9b-ec8e-11de-a96c-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/30 21:19:40 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{eda6eb9b-ec8e-11de-a96c-00248c750f4e}.TM.blf [2009/12/27 02:34:53 | 00,034,895 | ---- | M] () -- C:\ProgramData\nvModes.dat [2009/12/27 02:34:52 | 00,034,895 | ---- | M] () -- C:\ProgramData\nvModes.001 [2009/12/26 16:00:53 | 00,001,653 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk [2009/12/26 00:28:00 | 00,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-280336447-1400752313-1936199459-1000Core.job [2009/12/25 23:16:59 | 00,000,877 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2009/12/25 19:06:54 | 00,057,615 | ---- | M] () -- C:\Users\johan\AppData\Local\Temp90.html [2009/12/25 19:06:47 | 00,000,778 | ---- | M] () -- C:\Users\johan\AppData\Local\Temp1.html [2009/12/21 22:30:09 | 00,002,042 | ---- | M] () -- C:\Users\johan\Desktop\Google Chrome.lnk [2009/12/20 17:46:44 | 00,000,552 | ---- | M] () -- C:\Users\johan\AppData\Local\d3d8caps.dat [2009/12/19 14:11:16 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{eda6eb9b-ec8e-11de-a96c-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/19 13:41:05 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll [2009/12/19 13:41:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2009/12/19 13:41:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2009/12/19 13:41:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2009/12/19 12:29:25 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{7a5a2f91-ec8d-11de-b027-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/19 12:29:25 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{7a5a2f91-ec8d-11de-b027-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/19 12:29:25 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{7a5a2f91-ec8d-11de-b027-00248c750f4e}.TM.blf [2009/12/19 12:03:08 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{11e70ce3-ea88-11de-85ac-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/19 12:03:08 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{11e70ce3-ea88-11de-85ac-00248c750f4e}.TM.blf [2009/12/17 14:19:05 | 00,058,890 | ---- | M] () -- C:\Users\johan\AppData\Local\Temp177.html [2009/12/17 00:18:29 | 00,000,728 | ---- | M] () -- C:\Users\johan\Desktop\WhoCrashed.lnk [2009/12/16 23:07:07 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{11e70ce3-ea88-11de-85ac-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/16 22:27:10 | 42,187,7324 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009/12/16 22:22:17 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{3c696954-e7ed-11de-a68b-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/16 22:22:17 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{3c696954-e7ed-11de-a68b-00248c750f4e}.TM.blf [2009/12/13 18:21:12 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{3c696954-e7ed-11de-a68b-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/13 15:14:04 | 00,524,288 | -HS- | M] () -- C:\Users\johan\ntuser.dat{c67e0522-e65d-11de-99e8-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/13 15:14:04 | 00,065,536 | -HS- | M] () -- C:\Users\johan\ntuser.dat{c67e0522-e65d-11de-99e8-00248c750f4e}.TM.blf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/01/08 19:38:07 | 00,000,881 | ---- | C] () -- C:\Users\johan\Desktop\snifle - Raccourci.lnk [2010/01/08 19:33:42 | 00,000,886 | ---- | C] () -- C:\Users\johan\Desktop\sniffle - Raccourci.lnk [2010/01/07 21:00:05 | 00,588,679 | ---- | C] () -- C:\Users\johan\Documents\Sans titre.wma [2010/01/07 20:03:18 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/05 21:09:46 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{13c3a35a-fa30-11de-9bb0-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/05 21:09:46 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{13c3a35a-fa30-11de-9bb0-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/05 21:09:46 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{13c3a35a-fa30-11de-9bb0-00248c750f4e}.TM.blf [2010/01/05 20:00:21 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5b92fc4c-fa29-11de-8d94-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/05 20:00:21 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5b92fc4c-fa29-11de-8d94-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/05 20:00:21 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5b92fc4c-fa29-11de-8d94-00248c750f4e}.TM.blf [2010/01/05 19:27:32 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5c719c0d-fa26-11de-bc1e-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/05 19:27:32 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5c719c0d-fa26-11de-bc1e-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/05 19:27:32 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5c719c0d-fa26-11de-bc1e-00248c750f4e}.TM.blf [2010/01/03 17:09:51 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5b57fccf-f881-11de-98f6-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2010/01/03 17:09:51 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5b57fccf-f881-11de-98f6-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2010/01/03 17:09:51 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{5b57fccf-f881-11de-98f6-00248c750f4e}.TM.blf [2009/12/31 12:11:15 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{78c76580-f5fa-11de-bcf7-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/31 12:11:15 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{78c76580-f5fa-11de-bcf7-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/31 12:11:15 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{78c76580-f5fa-11de-bcf7-00248c750f4e}.TM.blf [2009/12/30 21:22:10 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{60e2b1bc-f555-11de-938c-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/30 21:22:10 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{60e2b1bc-f555-11de-938c-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/30 21:22:10 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{60e2b1bc-f555-11de-938c-00248c750f4e}.TM.blf [2009/12/26 16:00:53 | 00,001,653 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk [2009/12/20 17:46:44 | 00,000,552 | ---- | C] () -- C:\Users\johan\AppData\Local\d3d8caps.dat [2009/12/19 13:02:37 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{eda6eb9b-ec8e-11de-a96c-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/19 13:02:37 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{eda6eb9b-ec8e-11de-a96c-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/19 13:02:37 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{eda6eb9b-ec8e-11de-a96c-00248c750f4e}.TM.blf [2009/12/19 12:21:20 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{7a5a2f91-ec8d-11de-b027-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/19 12:21:20 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{7a5a2f91-ec8d-11de-b027-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/19 12:21:20 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{7a5a2f91-ec8d-11de-b027-00248c750f4e}.TM.blf [2009/12/19 11:50:29 | 00,057,615 | ---- | C] () -- C:\Users\johan\AppData\Local\Temp90.html [2009/12/17 14:19:05 | 00,058,890 | ---- | C] () -- C:\Users\johan\AppData\Local\Temp177.html [2009/12/17 00:18:31 | 00,000,778 | ---- | C] () -- C:\Users\johan\AppData\Local\Temp1.html [2009/12/17 00:18:29 | 00,000,728 | ---- | C] () -- C:\Users\johan\Desktop\WhoCrashed.lnk [2009/12/16 22:28:00 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{11e70ce3-ea88-11de-85ac-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/16 22:28:00 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{11e70ce3-ea88-11de-85ac-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/16 22:28:00 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{11e70ce3-ea88-11de-85ac-00248c750f4e}.TM.blf [2009/12/13 15:17:06 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{3c696954-e7ed-11de-a68b-00248c750f4e}.TMContainer00000000000000000002.regtrans-ms [2009/12/13 15:17:06 | 00,524,288 | -HS- | C] () -- C:\Users\johan\ntuser.dat{3c696954-e7ed-11de-a68b-00248c750f4e}.TMContainer00000000000000000001.regtrans-ms [2009/12/13 15:17:06 | 00,065,536 | -HS- | C] () -- C:\Users\johan\ntuser.dat{3c696954-e7ed-11de-a68b-00248c750f4e}.TM.blf [2009/08/24 18:36:37 | 00,034,895 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/08/24 18:36:36 | 00,034,895 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/08/13 15:39:18 | 00,000,484 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/08/02 23:21:54 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/08/02 23:21:52 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009/07/15 12:22:26 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/07/15 12:21:51 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/07/10 14:05:36 | 00,000,680 | ---- | C] () -- C:\Users\johan\AppData\Local\d3d9caps.dat [2009/07/06 16:22:31 | 00,424,786 | ---- | C] () -- C:\Users\johan\AppData\Local\dd_vcredistMSI335D.txt [2009/07/06 16:22:31 | 00,015,042 | ---- | C] () -- C:\Users\johan\AppData\Local\dd_vcredistUI335D.txt [2009/07/03 22:21:55 | 00,011,776 | ---- | C] () -- C:\Users\johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/03 21:01:47 | 00,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2009/07/03 21:01:47 | 00,000,088 | RHS- | C] () -- C:\Windows\SysWow64\19C18C40FF.sys [2009/07/03 20:10:32 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2009/07/03 20:10:32 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2009/07/03 20:05:55 | 00,000,989 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini [2009/07/03 20:05:55 | 00,000,928 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2009/07/03 20:05:43 | 00,127,488 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009/07/03 20:05:43 | 00,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009/07/03 20:00:52 | 00,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll [2009/07/03 19:39:30 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2009/07/03 19:36:56 | 00,051,151 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009/07/03 19:36:27 | 00,034,894 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009/07/03 19:11:12 | 00,001,460 | ---- | C] () -- C:\Users\johan\AppData\Local\d3d9caps64.dat [2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008/01/21 03:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/12/28 08:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007/10/25 17:26:10 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2007/01/10 06:44:26 | 01,457,024 | R--- | C] () -- C:\Windows\SysWow64\SSCProt.dll [color=#E56717]========== LOP Check ==========[/color] [2009/07/25 19:07:36 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\Autodesk [2009/07/25 18:55:53 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\Blender Foundation [2010/01/09 15:02:52 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\PC Suite [2010/01/09 15:43:24 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\Samsung [2009/07/14 19:37:40 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\SoundSpectrum [2009/12/20 17:46:20 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\SystemRequirementsLab [2009/07/03 23:02:28 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\Ulead Systems [2009/10/30 12:34:27 | 00,000,000 | ---D | M] -- C:\Users\johan\AppData\Roaming\uTorrent [2010/01/10 21:41:07 | 00,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2006/11/02 13:03:16 | 00,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_c41411ff\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_986ce78a\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/21 03:45:58 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys [2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2008/01/21 03:45:58 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2006/11/02 13:01:02 | 00,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys [2009/04/11 08:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2006/11/02 12:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\System32\cngaudit.dll [2006/11/02 12:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 12:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2009/02/11 16:26:18 | 00,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows.old\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/02/11 16:26:18 | 00,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows.old\Windows\System32\drivers\iaStor.sys [2009/02/11 16:26:18 | 00,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastor.inf_cd5ae24f\iaStor.sys [2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008/09/12 12:48:26 | 00,406,040 | ---- | M] (Intel Corporation) MD5=756879FA65978DF948437CE3FD1EACCD -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008/09/12 12:32:56 | 00,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_fbe95c71\iaStorV.sys [2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2008/01/21 03:46:07 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys [2006/11/02 12:51:48 | 00,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_69d79584\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/01/21 03:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\System32\netlogon.dll [2008/01/21 03:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2008/01/21 03:50:06 | 00,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 07:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 08:11:16 | 00,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/21 03:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\SysWOW64\netlogon.dll [2008/01/21 03:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2008/01/21 03:47:35 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2006/11/02 13:02:51 | 00,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_a5403adf\nvstor.sys [2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_63cdbcfd\nvstor.sys [2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys [2008/01/21 03:46:02 | 00,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2008/01/21 03:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\SysWOW64\scecli.dll [2008/01/21 03:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/21 03:49:34 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/21 03:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\System32\scecli.dll [2008/01/21 03:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2008/01/21 03:48:56 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 07:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 08:11:23 | 00,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > [color=#FF0000]VOICI maintenant le "Extras.Txt":[/color] OTL Extras logfile created on: 10/01/2010 21:50:40 - Run 1 OTL by OldTimer - Version 3.1.23.0 Folder = C:\Users\johan\Desktop\l4d 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 279,46 Gb Total Space | 100,91 Gb Free Space | 36,11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PC-DE-JOHAN Current User Name: johan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-280336447-1400752313-1936199459-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 37 6D 9F 36 43 05 CA 01 [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D09DF154-9A91-48E0-85AA-44BBA56D552C}" = lport=2869 | protocol=6 | dir=in | app=system | "{EFAD1058-674D-4099-BE1E-0DB7C5D5095D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C9F6FD7-F850-4EDA-8275-40C3CC6F4647}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{0DCA43B1-260D-4FBC-B5D4-D846FB7FBEE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age orgins character creator\daoriginslauncher.exe | "{1063EE1E-F075-46B8-8153-C1DFC775750D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe | "{1821D6E2-7514-4D0D-8C96-7CED5BB8061B}" = protocol=17 | dir=in | app=c:\program files (x86)\killing floor\system\killingfloor.exe | "{1F944253-27CE-42D0-ADB1-C6EB2AE6DDA1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{1F9EFD69-F6DA-4F4F-98E7-D500287B1AA8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{2EA43E05-E37F-40AA-A78E-0890C1F61EEE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | "{3A684090-DA81-4B93-9378-E14E51A4D9D6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe | "{3F2ABC71-6B44-4ABC-B746-E156DAB578B4}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "{4196C71B-B99D-47C2-864A-600335E08862}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "{42846D1B-F038-4A96-B5D1-20F23F893949}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{44584D11-3E6D-445B-A9DE-E53FEAD7F966}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe | "{448C1D94-97C2-4E50-A8D8-800087AA9F20}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | "{485B2CB2-D612-492E-87FA-5A03583CABC4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{4C24F2A7-A965-48DA-B3F7-7DDD61125FA2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{592802C1-EE83-4052-A29B-02677493B94B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | "{7BF94F3B-8067-4EED-9BE6-3061CC3A7DCA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe | "{82639596-B435-4900-9115-01E40CC23D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age orgins character creator\daoriginslauncher.exe | "{9069F76E-19DD-4570-A78F-428BEC39B6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{969888EF-9C66-41C4-909A-0117C3D89F83}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{A777F95D-EA21-4737-8E2B-24801C211740}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{AA53DED0-C6C5-41D0-906C-8631A0B67C6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{BD55CA84-77A0-448A-953F-E2B51151CA51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CAFD010B-FDE8-43AA-B652-7255B9B83ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{CD307A02-3285-4613-ABEC-DB040CA6BA94}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe | "{F7EFDE88-A238-4676-88F2-BB6FB01E86B7}" = protocol=6 | dir=in | app=c:\program files (x86)\killing floor\system\killingfloor.exe | "{FF0B5286-712E-4F20-BCEC-7B4B9EBB348D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{1C0474A4-9CD1-4917-B01A-26E488C4D9B6}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | "TCP Query User{2B2699FF-5289-45DC-B267-DD0B3EE4CBDC}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe | "TCP Query User{32C46C12-1D5D-4B0E-9561-297880E9BF87}\\localhost\c$\@gmt-2009.10.05-15.55.41\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=\\localhost\c$\@gmt-2009.10.05-15.55.41\program files (x86)\garena\garena.exe | "TCP Query User{4BD64EEF-795E-4550-B4A6-0B7090E12724}C:\program files (x86)\steam\steamapps\fashiooon\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fashiooon\half-life 2 deathmatch\hl2.exe | "TCP Query User{55C6155E-5A24-4A1B-AFD1-6711C1127D1E}C:\program files (x86)\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena\garena.exe | "TCP Query User{5699C5CC-5FF7-47C2-AAA3-9E67AC86A2B9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{63499542-62F9-4214-90CB-84CE99639435}C:\users\johan\desktop\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\johan\desktop\left 4 dead\left4dead.exe | "TCP Query User{6C1170F2-C6E7-4CA0-8318-FC8E69469AB8}C:\program files (x86)\steam\steamapps\fashiooon\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fashiooon\counter-strike source\hl2.exe | "TCP Query User{7A0E7237-EF12-4341-AF00-E032F60019BF}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe | "TCP Query User{87F8C31C-A431-4CC9-8983-9D584E0F27FA}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "TCP Query User{A8C4E028-6BA9-4D50-9AD8-059D4742CED9}C:\program files (x86)\garenaa\garena.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garenaa\garena.exe | "TCP Query User{C7564C37-F742-4864-9B70-940750E2A93B}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "TCP Query User{CE69B17E-3165-4D93-8A56-CEF381E730F8}C:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | "TCP Query User{D8E3434F-57DA-4078-AFA3-C928E945A791}C:\program files (x86)\steam\steamapps\fashiooon\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fashiooon\day of defeat source\hl2.exe | "UDP Query User{03B63A38-95D5-44C0-A390-E7FEE9D0BC98}C:\program files (x86)\steam\steamapps\fashiooon\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fashiooon\half-life 2 deathmatch\hl2.exe | "UDP Query User{08992E55-958D-43F7-97F2-D86340EE662C}C:\program files (x86)\alaplaya\s4league\s4client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\alaplaya\s4league\s4client.exe | "UDP Query User{08CF1351-4186-4BB6-B480-D79A6806B5D9}C:\program files (x86)\steam\steamapps\fashiooon\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fashiooon\counter-strike source\hl2.exe | "UDP Query User{0C5345CC-629D-4E59-A84E-EED2FF072706}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{13070D03-92F7-4946-84C9-76345B851C7A}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "UDP Query User{17621B08-D983-4FED-B520-719DFC441100}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe | "UDP Query User{1B5AB476-E49A-45B8-8CFD-457720F2616F}C:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files (x86)\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe | "UDP Query User{291ABE87-C109-4C75-A599-79C6BB488A13}C:\users\johan\desktop\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\johan\desktop\left 4 dead\left4dead.exe | "UDP Query User{29BB6CB4-F222-456E-9578-729CC2884F1B}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | "UDP Query User{317CDFD7-5A47-4035-BE34-B0DE427E07A1}C:\program files (x86)\steam\steamapps\fashiooon\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fashiooon\day of defeat source\hl2.exe | "UDP Query User{3E2AACAC-9172-4793-89AC-A56032FE2EE5}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | "UDP Query User{4D0A8F82-9EBA-4080-B6D6-32A627881CEF}C:\program files (x86)\garenaa\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garenaa\garena.exe | "UDP Query User{6CED69B4-624D-409E-8BFA-3433EEE414BB}\\localhost\c$\@gmt-2009.10.05-15.55.41\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=\\localhost\c$\@gmt-2009.10.05-15.55.41\program files (x86)\garena\garena.exe | "UDP Query User{DAC6B31E-D53A-4837-B0C1-E135D440200E}C:\program files (x86)\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena\garena.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "UltSounds" = Modèles de sons Windows "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "WhoCrashed_is1" = WhoCrashed 2.00 "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3A94E148-9C8B-4FE9-99DD-93072F99BE20}" = Sound Blaster X-Fi MB "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALchemy X-FiMB" = Creative ALchemy (Edition X-Fi MB) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CABAL Online (Europe)_is1" = CABAL Online "CurseClient" = Curse Client "EADM" = EA Download Manager "Eye On Network" = Eye On Network (désinstallation) "Garena" = Garena "HijackThis" = HijackThis 2.0.2 "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "L4DSP" = Left 4 Dead Standalone Patch "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 24920" = Dragon Age: Origins - Character Creator "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "WhiteCap" = WhiteCap "WinLiveSuite_Wave3" = Installation Windows Live "World of Warcraft" = World of Warcraft [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-280336447-1400752313-1936199459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 10/01/2010 14:45:24 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3011 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3012 Description = Error - 10/01/2010 16:48:31 | Computer Name = PC-de-johan | Source = LoadPerf | ID = 3011 Description = [ System Events ] Error - 9/01/2010 10:50:15 | Computer Name = PC-de-johan | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 9/01/2010 21:45:41 | Computer Name = PC-de-johan | Source = Application Popup | ID = 1060 Description = Le chargement de \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 9/01/2010 21:46:29 | Computer Name = PC-de-johan | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 10/01/2010 14:05:56 | Computer Name = PC-de-johan | Source = Application Popup | ID = 1060 Description = Le chargement de \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 10/01/2010 14:06:44 | Computer Name = PC-de-johan | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 10/01/2010 14:24:45 | Computer Name = PC-de-johan | Source = disk | ID = 262155 Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1. Error - 10/01/2010 14:45:02 | Computer Name = PC-de-johan | Source = disk | ID = 262155 Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR4. Error - 10/01/2010 16:35:31 | Computer Name = PC-de-johan | Source = Service Control Manager | ID = 7031 Description = Error - 10/01/2010 16:41:50 | Computer Name = PC-de-johan | Source = Application Popup | ID = 1060 Description = Le chargement de \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote. Error - 10/01/2010 16:42:38 | Computer Name = PC-de-johan | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report >

voila voila,merci d'avance pour votra aide précieuse =)

cordialement, Johan

Edit AtOM: @ Jeanmimigab: Je t'ai balisé le rapport :wink:

jeanmimigab · le 11 Jan 2010 00:18

hello johan,

TFC.exe je l'ai utilisé, le pc a redémarré. aucune fenetre n'est apparu au redémarrage de TFC est-ce normale ?

oui c'est normal, TFC supprime tous les fichiers temporaires, y compris ceux de windows et des processus infectieux ( d'où la nécessite du reboot ) et il ne génère pas de rapport.

A la suite...

Télécharge >>>OTM.exe<<< (de Oldt_Timer) sur ton Bureau.
> Fait un double-clique sur OTMoveIt3.exe pour lancer l'exécutable
> Copie la liste qui se trouve dans cette citation

:Services
npggsvc
:Processes
GameMon.des.exe
:Files
C:\Windows\system32\GameMon.des.exe

> Colle la dans le cadre de gauche de OTM

> Clic sur MoveIt! Pour lancer la suppression.
> Le résultat apparaitra dans le cadre Results.
> Clic sur Exit pour fermer.
> Il te sera peut-être demander de redémarrer le pc pour achever la suppression.
> Si c'est le cas accepte par Yes.
> Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous la forme Date_Heure.log par Expl : ( 210609_203000.log )

ensuite...

relance hijacthis en choisissant "do a system scan only" ,sélectionne les lignes indiquées dans la citation ci-dessous en cliquant sur la case à gauche de chaque lignes et clic sur "fix checked"

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - hxxp://update.nprotect.net/keycrypt/cab ... x_inca.cab
et si tu trouve celle ci aussi...
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

ensuite...

Télécharge ADSspy.zip ( par merijn ) sur ton bureau.
Dézipes le dossier et fais un double-clic sur l'icône de ADSspy.exe
coches le choix "Full scan ( AllNTFS drives )" et surtout Ne modifies pas d'autres réglages de l'outil et cliques sur "Scan the systèm for alternat data streams".

Si à la fin du scan, il y a des fichiers qui apparaissent dans de cadre en bas de la fenêtre, coches les tous et cliques sur "Removed selected streams"
Valide la suppression en acceptant l'avertissement qui s'affiche.

@++

johan · le 11 Jan 2010 19:25

bonsoir tout le monde,

-jeanmimigab,j'ai fait comme tu m'as demandé :wink:

.

donc pour ce qui est du rapport d'OTM,le voici:

========== SERVICES/DRIVERS ==========
Service npggsvc stopped successfully!
Service npggsvc deleted successfully!
========== PROCESSES ==========
No active process named GameMon.des.exe was found!
========== FILES ==========
File/Folder C:\Windows\system32\GameMon.des.exe not found.

OTM by OldTimer - Version 3.1.5.0 log created on 01112010_183218

Pour ce qui est de hijacthis j'ai juste trouvé les 2 premier : "O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - hxxp://update.nprotect.net/keycrypt/cab ... x_inca.cab"

mais pas le 3eme désolé ...

-alors j'ai téléchargé DSspy.zip (par merijn) :

A la fin du scan il m'a trouvé 109 alternate data streams mais parmi ces 109 résultat il y a des photos que j'ai fais,des sites que j'ai sauvegardé en favori,des lien youtube etc ...

en appuyant sur "removed selected streams" ça va tout supprimer ... meme mes favoris etc ... dois-je vraiment tout coché ?
Car les photos que j'ai fais et autres ne représentent aucun risque,Non ? :cry:

cordialement,Johan

jeanmimigab · le 11 Jan 2010 21:03

Hello,

mais pas le 3eme désolé ...

C'est pour cela que je l'ai mise au conditionnelle (OTM s'en est chargé) :wink:

en appuyant sur "removed selected streams" ça va tout supprimer ...

Non, ne t'inquiètes pas, seul le flux ADS sera supprimé, pas le fichier porteur :wink:

Dans le doute, fait l'essaie avec une des photos ( on ne sait jamais, si ADSspy pète un câble :lol:

)
par exemple tu copies une des photos trouvées pas ADSspy sur ton bureau (pour la sauvegarder) et tu sélectionnes cette photo dans la liste et tu cliques sur "remove selected streams" et tu dois constater que la photo est toujours en place.

Si c'est bien le cas, tu peux donc tout cocher sans risque.

ces flux ADS ne sont pas forcément infectieux, c'est peut être tout simplement un Antivirus (mais pas Antivir) qui a stocké la somme MD5 des fichiers contrôlés dans ces flux lors d'un scan ( ça permet à la recherche heuristique d'être plus performante).

En tout cas si tu n'as pas modifiés d'autres paramètres dans ADSspy, aucun fichier:flux légitime de windows n'est détecté.

pour moi le pc est clean maintenant :wink:

Il nous reste a désinstaller de manière automatique tous les outils utilisés pour la désinfection...

pour cela...

télécharge >>> ToolsCleaner <<< (de A.Rothstein & dj QUIOU)

fait un double-clique dessus pour lancer le programme

Clique sur Recherche et laisse le scan se terminer (il peut durer une dizaine de minutes au maximum).

une fois la recherche lancée, ne clique pas dans la fenêtre, cela provoquerait un léger bug du programme.

Si toutes fois la mention (ne réponds pas) apparaissait dans le titre de la fenêtre ToolsCleaner, ne t'en occupes pas et laisse quand même le programme terminer son travail

Poste moi le rapport qui apparait

Attends mon feu vert pour cliquer sur Suppression

@++

Notre ami

johan · le 12 Jan 2010 19:47

bonsoir tout le monde =),

-Avec ADS aucun problèmes rien n'a été supprimé dans mes photos etc ... :lol:

-Seulement juste un petit truc a dire,a la fin scan quand j'ai supprimé tout,une fenetre est apparue et m'a indiqué ceci ( j'ai du le copier a la main car impossible Copier-coller) :

"The following ADS streams could not be deleted.they may be locked by another program:

C:/Windows.old/prgramData/application Data/TEMP:DFC5A2B2(110 bytes)

C:/ProgramData/TEMP:DFC5A2B2 (110 bytes)"

Donc apparement 2 n'ont pas été supprimé... *(les barres obliques sont inversé car je n'ai pas réussi a faire les autres :oops:

LooL)

-Alors voila le rapport de ToolsCleaner :

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\_OTM: trouvé !
C:\Users\johan\Desktop\OTM.exe: trouvé !
C:\Users\johan\Desktop\l4d\HijackThis.exe: trouvé !
C:\Users\johan\Desktop\l4d\hijackthis.log: trouvé !
C:\Windows.old\Documents and Settings\johan\Desktop\OTM.exe: trouvé !
C:\Windows.old\Documents and Settings\johan\Desktop\l4d\HijackThis.exe: trouvé !
C:\Windows.old\Documents and Settings\johan\Desktop\l4d\hijackthis.log: trouvé !

j'attends ton Feu vert

et comme d'hab merci :wink:

jeanmimigab · le 12 Jan 2010 20:15

hello,

mince !!! c'est justement celles ci que je voulais virer... :roll:

fait cela stp...

désactive ton Anti-virus le temps de faire ces manipulations.

>>Télécharge Winsockxpfix sur ton bureau et passe à la suite.

========================================================================================================

ensuite...

Télécharge Combofix sur ton Bureau (et pas ailleurs)en le renommant avant qu'il n'atterrisse sur ton bureau.

pour cela fais un clic droit sur Combofix.exe ,choisis "enregistrer la cible du lien sous..." et renomme le en johan.exe pour l'emplacement choisis ton bureau et cliques sur "enregistrer"

Double clique ComboFix.exe ( johan.exe ) pour démarrer le scan et suis les instructions indiquées par combofix.
Si Combofix te demande te demande l'autorisation de télécharger et installer la console de récupération Windows, acceptes et suis les instructions.
Lorsque le scan sera complet, un rapport apparaîtra, enregistre le sur ton bureau.
Redémarre impérativement ton pc !!
Copie/colle le rapport combofix dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ; ceci provoquerait le gel du programme.

Pour poster le rapport fais comme cela stp...

cliques sur la balise "CODE" (dans la barre d'outil d'édition) et colle le contenu des rapports entre lla balise d'entrée et de sortie

========================================================================================================

si a tout hasard ta connexion internet n'est plus active après le redémarrage du pc fait cela pour la réparer...

Fait un double clic sur l'icône

de WinsockXPFix.

>>clique sur "Fix" > et si ton pc ne redémarre pas,redémarre le manuellement.

@++

johan · le 12 Jan 2010 21:30

Ok seuleument gros problèmes quand je fais double clic sur Combofix.exe (johan.exe) il mindique que l'OS est incompatible et qu'il ne marche que pour windows 2000 et xP ... :-?

(j'ai windows vista =( )

-Sinon tu ne ma pas encore dit si je pouvais faire la supression dans Toolscleaner2 ^^

jeanmimigab · le 13 Jan 2010 06:52

hello,
ne supprime rien avec toolcleaner , on va avoir besoin d'OTL.exe

Combofix fonctionne sous Vista mais ne reconnait pas les OS 64 Bits, désolé :lol:

on va utiliser OTL, fait cela...
relancer OTL via un clic-droit sur son icône et choisir "exécuter en tant qu'administrateur"
Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "Custom scanx/fixes"

:OTL
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:windows.odl\ProgramData\Application Data\TEMP:DFC5A2B2

et cette fois ci cliques sur "RUN FIX" ( et non pas "RUN SCAN" )

poste le rapport générer en utilisant les balises [CODE]

PS: pour afficher "\" c'est >> ALT GR+8 <<< :wink:

@++

johan · le 13 Jan 2010 14:26

Salut tout le monde,

voila le rapport de OTL :wink:

Code: Tout sélectionner: ========== OTL ========== ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. Unable to delete ADS C:windows.odl\ProgramData\Application Data\TEMP:DFC5A2B2 . OTL by OldTimer - Version 3.1.23.0 log created on 01132010_142253

jeanmimigab · le 13 Jan 2010 17:52

hello,

mince je suis vraiment à la rue en ce moment :roll:

J'ai fais une erreur de syntaxe sur le deuxième chemin >> c:windows... au lieu de c:\windows...

peux tu recommence le fix en utilisant cette citation stp...

:OTL
C:\windows.odl\ProgramData\Application Data\TEMP:DFC5A2B2

et poste le rapport comme tu l'as fais aujourd'hui

ensuite tu peut lancer toolscleanner pour le scan et tu peux cliquer sur "suppression" vue que j'ai déjà contrôler le premier rapport Toolscleaner

Tient nous au courant pour savoir si ton problème de volume mensuel est réglé,puis surtout n'hésite pas à revenir nous voir si tu as d'autres soucis :wink:

Je te libère, tu as bien bosser :wink:

@++

johan · le 13 Jan 2010 20:29

Re salut,

Code: Tout sélectionner: ========== OTL ========== OTL by OldTimer - Version 3.1.23.0 log created on 01132010_202518

Il y a surement un problème... rien ne s'affiche dans le rapport quand je copie-colle ta citation. :-?

Pourtant j'ai ressayé plusieurs fois ...

et merci a toi c'est toi qui a bien bossé pas moi ^^

jeanmimigab · le 13 Jan 2010 20:44

hello,

EDIT:Autant pour moi,

essais comme cela:
en collant cette citation :wink:

:OTL
@Alternate Data Stream - 110 bytes -> C:\windows.odl\ProgramData\Application Data\TEMP:DFC5A2B2

johan · le 13 Jan 2010 21:48

voila voila :

Code: Tout sélectionner: ========== OTL ========== Unable to delete ADS C:\windows.odl\ProgramData\Application Data\TEMP:DFC5A2B2 . OTL by OldTimer - Version 3.1.23.0 log created on 01132010_214722

jeanmimigab · le 13 Jan 2010 22:03

re,

bon,la suppression n'a pas fonctionné, il doit y avoir une petite erreur dans le chemin d'accès au fichier (ou bien celui ci n'existe plus)

peux tu relancer ADSSpye et me communiquer le chemin exact (à la lettre près..) du fichier dont on essais de supprimer le flux ADS ( si il existe toujours...of course) ... :wink:

[Réglé]perte de volume mensuelle inexpliqué • page 2

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Re: perte de volume mensuelle inexpliqué

Sujets similaires

Qui est en ligne