A voir également:
- Popup redondant et louche..!
- Firefox autoriser popup - Guide
- Real popup - Télécharger - Divers Réseau & Wi-Fi
- Popup cookies - Guide
- Popup mcafee - Accueil - Piratage
- Popup blocker - Télécharger - Outils pour navigateurs
18 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
29 oct. 2013 à 14:34
29 oct. 2013 à 14:34
Salut,
Tu as des adwares sur ton PC.
Passe ces deux programmes dans l'ordre.
Lis bien les instructions, clics sur les liens et lis bien aussi.
Prends ton temps.
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
!!! Malwarebyte doit être à jour avant de faire le scan !!!
Coche tout en faisant un clic droit / cocher tout
puis bouton supprimer sélection pour tout supprimer.
puis :
Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Clic sur le lien de téléchargement, sur la page d'AdwCleaner, à droite, clic sur la disquette grise avec la flèche verte pour lancer le téléchargement.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]
Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
Tu as des adwares sur ton PC.
Passe ces deux programmes dans l'ordre.
Lis bien les instructions, clics sur les liens et lis bien aussi.
Prends ton temps.
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
!!! Malwarebyte doit être à jour avant de faire le scan !!!
Coche tout en faisant un clic droit / cocher tout
puis bouton supprimer sélection pour tout supprimer.
puis :
Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Clic sur le lien de téléchargement, sur la page d'AdwCleaner, à droite, clic sur la disquette grise avec la flèche verte pour lancer le téléchargement.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]
Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
Bonjour Malekale_morte,
Merci de prendre ce souci en main. ;)
Comme demandé voici les deux rapports:
le 1er
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.10.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pinson-Pogo :: PINSON-POGO-PC [administrateur]
Protection: Activé
2013-10-29 09:45:58
mbam-log-2013-10-29 (09-45-58).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 199044
Temps écoulé: 2 minute(s), 42 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
et le second:
# AdwCleaner v3.010 - Rapport créé le 29/10/2013 à 09:44:40
# Mis à jour le 20/10/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Pinson-Pogo - PINSON-POGO-PC
# Exécuté depuis : C:\Users\Pinson-Pogo\Desktop\adwcleaner.exe
# Option : Scanner
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
***** [ Navigateurs ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v24.0 (fr)
[ Fichier : C:\Users\Pinson-Pogo\AppData\Roaming\Mozilla\Firefox\Profiles\sjk4irpm.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ Fichier : C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [814 octets] - [29/10/2013 09:44:40]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [873 octets] ##########
Merci de prendre ce souci en main. ;)
Comme demandé voici les deux rapports:
le 1er
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Version de la base de données: v2013.10.29.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pinson-Pogo :: PINSON-POGO-PC [administrateur]
Protection: Activé
2013-10-29 09:45:58
mbam-log-2013-10-29 (09-45-58).txt
Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 199044
Temps écoulé: 2 minute(s), 42 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)
(fin)
et le second:
# AdwCleaner v3.010 - Rapport créé le 29/10/2013 à 09:44:40
# Mis à jour le 20/10/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Pinson-Pogo - PINSON-POGO-PC
# Exécuté depuis : C:\Users\Pinson-Pogo\Desktop\adwcleaner.exe
# Option : Scanner
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Raccourcis ] *****
***** [ Registre ] *****
***** [ Navigateurs ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v24.0 (fr)
[ Fichier : C:\Users\Pinson-Pogo\AppData\Roaming\Mozilla\Firefox\Profiles\sjk4irpm.default\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ Fichier : C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [814 octets] - [29/10/2013 09:44:40]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [873 octets] ##########
A l'instant même que je répondais à ce message le popup est apparu et à remplacer l'onglet de CCM (commentcamarche) j'ai donc dû retranscrir le message à nouveau. C'est fâchant car ce popup, remplace l'onglet déjà ouvert.. (si c,est deux onglet qui sont ouvert dans le navigateur, alors ce seront les deux qui seront remplacé par ce popup..
EDIT: Hier en scannant avec malwarebyte j'ai supprimer une infection (la seule en fait) de ce type:
(PUP.Optional.OpenCandy)
EDIT2: Me voilà avec un nouveau popup...
http://www.browser-support.net/Updater/
(Une page louche qui me dit que mon navigateur n,est plus à jour.)
EDIT: Hier en scannant avec malwarebyte j'ai supprimer une infection (la seule en fait) de ce type:
(PUP.Optional.OpenCandy)
EDIT2: Me voilà avec un nouveau popup...
http://www.browser-support.net/Updater/
(Une page louche qui me dit que mon navigateur n,est plus à jour.)
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
29 oct. 2013 à 15:23
29 oct. 2013 à 15:23
Sur Firefox : Menu Outils / Modules complémentaires
Onglet Extension.
Donne la liste.
Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Donne la liste.
Onglet Extension.
Donne la liste.
Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Donne la liste.
re,
Firefox:
Adblock Plus 2.4
All-in-One sidebar 0.7.20
New Tab Homepage 0.4.3
WOT 20131008
X-notifier 3.3.9
Google chrome:
Adblock Plus 1.6.1
Documents Google 0.5
Firefox:
Adblock Plus 2.4
All-in-One sidebar 0.7.20
New Tab Homepage 0.4.3
WOT 20131008
X-notifier 3.3.9
Google chrome:
Adblock Plus 1.6.1
Documents Google 0.5
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
29 oct. 2013 à 21:26
29 oct. 2013 à 21:26
supprime : New Tab Homepage 0.4.3
Les pubs sont sur quel navigateur ?
Si ça continue, désactive toutes les extensions et vois ce que cela donne.
Les pubs sont sur quel navigateur ?
Si ça continue, désactive toutes les extensions et vois ce que cela donne.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Rebonjour,
J'ai supprimer l'extension et désactiver ainsi toute les extensions mais le problème persiste... c'est très gênant.
Sous firefox seulement. Que faire?
J'ai supprimer l'extension et désactiver ainsi toute les extensions mais le problème persiste... c'est très gênant.
Sous firefox seulement. Que faire?
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 01:03
3 nov. 2013 à 01:03
Supprime toutes les extensions sauf WOT et Adblock.
Up
Je demande un rapport avec ZHPDiag pour scanner le pc Malekale_Morte. ;)
Je demande un rapport avec ZHPDiag pour scanner le pc Malekale_Morte. ;)
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 01:06
3 nov. 2013 à 01:06
J'utilise pas ZHPDiag, plutôt OTL => https://www.malekal.com/tutorial-otl/
mais si c'est sur Firefox, c'est une extension qui ouvre les pubs.
mais si c'est sur Firefox, c'est une extension qui ouvre les pubs.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 01:11
3 nov. 2013 à 01:11
si tu veux :)
voila le premier rapport d' OTL:
OTL logfile created on: 2013-11-02 20:14:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pinson-Pogo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,99% Memory free
7,99 Gb Paging File | 6,08 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 828,13 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Computer Name: PINSON-POGO-PC | User Name: Pinson-Pogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-11-02 20:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pinson-Pogo\Desktop\OTL.exe
PRC - [2013-10-29 15:13:00 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-10-09 03:50:15 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013-10-08 20:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-10-01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-09-27 15:06:06 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013-09-27 15:04:47 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013-09-27 15:04:45 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-08-30 15:16:16 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Pinson-Pogo\AppData\Local\MétéoMédia\weathereye.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-10-29 15:12:59 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-10-09 03:50:15 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013-10-08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013-10-08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013-10-08 20:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013-10-08 20:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013-10-08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013-08-30 18:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013-05-27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010-05-20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:[b]64bit:[/b] - [2009-07-13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-10-29 15:12:59 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-10-09 03:50:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-09-27 15:06:06 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-09-27 15:05:05 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013-09-27 15:04:47 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013-07-25 09:40:44 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013-09-27 15:06:43 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2013-09-27 15:06:43 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2013-09-27 15:06:43 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2013-08-30 20:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013-08-30 18:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013-07-05 04:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013-04-15 05:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-08-23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012-08-23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-08-23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012-08-23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-05-20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:[b]64bit:[/b] - [2009-12-30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:[b]64bit:[/b] - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-06-02 21:21:20 | 000,032,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://web2discover.etsmtl.ca/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013-09-27 14:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\Extensions
[2013-11-02 20:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\Firefox\Profiles\dnto1teo.default-1383416199154\extensions
[2013-11-02 14:35:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\Firefox\Profiles\dnto1teo.default-1383416199154\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013-11-02 14:29:56 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\firefox\profiles\dnto1teo.default-1383416199154\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-10-29 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-10-29 15:13:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.400.43 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Documents Google = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Recherche Google = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009-06-10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000..\Run: [WeatherEye] C:\Users\Pinson-Pogo\AppData\Local\MétéoMédia\weathereye.exe (Pelmorex Media Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAB987FC-23C0-4733-81CC-E0184E1BBCC9}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-11-02 20:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pinson-Pogo\Desktop\OTL.exe
[2013-11-02 16:40:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-11-02 12:05:03 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\Doctor Web
[2013-10-30 21:58:04 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\Desktop\Photos
[2013-10-29 15:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-10-29 08:59:01 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\AppData\Roaming\Malwarebytes
[2013-10-29 08:58:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-10-29 08:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-10-29 08:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-10-28 10:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2013-10-28 10:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2013-10-24 00:47:28 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\AppData\Roaming\Hard Disk Sentinel
[2013-10-24 00:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
[2013-10-24 00:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hard Disk Sentinel
[2013-10-23 00:48:36 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\Desktop\En Standby
[2013-10-16 21:51:27 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013-10-16 21:51:23 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013-10-16 21:51:23 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013-10-16 21:51:23 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013-10-16 21:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-10-16 21:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-10-15 21:56:44 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\AppData\Roaming\dvdcss
[2013-10-08 17:56:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013-10-08 17:56:28 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013-10-08 17:56:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013-10-08 17:56:28 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013-10-08 17:56:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013-10-08 17:56:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013-10-08 17:56:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013-10-08 17:56:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013-10-08 17:56:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013-10-08 17:56:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013-10-08 17:56:25 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013-10-08 17:56:23 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-10-08 17:56:23 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-10-08 17:56:23 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-10-08 17:56:23 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-10-08 17:56:23 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-10-08 17:56:23 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-10-08 17:56:23 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-10-08 17:56:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-10-08 17:56:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-10-08 17:56:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-10-08 17:56:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-10-08 17:56:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-10-08 17:56:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-10-08 17:56:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013-10-08 17:56:20 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013-10-08 17:56:20 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013-10-08 17:56:14 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013-10-08 17:56:01 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013-10-08 17:56:01 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-11-02 20:17:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-02 20:12:17 | 000,395,074 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\th.png
[2013-11-02 20:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pinson-Pogo\Desktop\OTL.exe
[2013-11-02 19:50:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-11-02 17:50:15 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-11-02 17:50:15 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-11-02 17:47:21 | 000,975,510 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013-11-02 17:47:21 | 000,721,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-11-02 17:47:21 | 000,224,498 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013-11-02 17:47:21 | 000,186,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-11-02 17:47:21 | 000,006,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-11-02 17:42:53 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-02 17:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-02 17:42:29 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-01 16:05:04 | 000,000,225 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\KratzerKash TE.URL
[2013-10-31 10:26:52 | 000,847,229 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\Guidoune 1.jpg
[2013-10-30 21:57:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-10-28 10:34:23 | 000,000,987 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\DVD Shrink 3.2.lnk
[2013-10-24 00:46:35 | 000,001,007 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\Hard Disk Sentinel.lnk
[2013-10-22 20:48:54 | 3813,285,888 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\NFB_ONF.ISO
[2013-10-18 00:34:34 | 000,000,234 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\VikingHits.com.URL
[2013-10-16 21:51:19 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013-10-16 21:51:18 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013-10-16 21:51:18 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013-10-16 21:51:18 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013-10-09 03:50:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-10-09 03:50:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-10-08 17:59:51 | 001,641,696 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-10-08 02:25:03 | 000,000,231 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\DonkeyMails.URL
[2013-10-07 21:39:35 | 000,000,284 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\CashnHits.URL
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-11-02 20:12:17 | 000,395,074 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\th.png
[2013-11-01 16:05:04 | 000,000,225 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\KratzerKash TE.URL
[2013-10-31 10:26:50 | 000,847,229 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\Guidoune 1.jpg
[2013-10-30 21:57:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-10-28 10:34:23 | 000,000,987 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\DVD Shrink 3.2.lnk
[2013-10-24 00:46:35 | 000,001,007 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\Hard Disk Sentinel.lnk
[2013-10-22 20:37:32 | 3813,285,888 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\NFB_ONF.ISO
[2013-10-18 00:34:34 | 000,000,234 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\VikingHits.com.URL
[2013-10-08 02:25:03 | 000,000,231 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\DonkeyMails.URL
[2013-10-07 21:39:35 | 000,000,284 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\CashnHits.URL
[2013-09-30 00:26:30 | 000,001,057 | ---- | C] () -- C:\Users\Pinson-Pogo\AppData\Roaming\vso_ts_preview.xml
[2013-09-27 17:32:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-09-27 17:24:53 | 001,641,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-08-30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013-08-30 19:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013-08-30 19:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013-08-30 19:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013-08-30 19:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013-11-02 09:35:43 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\???@) -- C:\Windows\SysWow64\???@
[2013-11-01 15:35:39 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\???@) -- C:\Windows\SysWow64\???@
[2013-11-01 09:35:56 | 104,535,026 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???0/00
[2013-10-29 02:20:32 | 104,535,026 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???0/00
[2013-10-23 21:35:21 | 102,749,940 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???*
[2013-10-22 21:35:22 | 102,749,940 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???*
[2013-10-10 16:56:50 | 100,332,977 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???-
[2013-10-10 04:56:52 | 100,332,977 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???-
[2013-10-07 10:56:54 | 099,717,279 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???OE
[2013-10-04 16:56:47 | 099,717,279 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???OE
< End of report >
Et le second rapport "extra.txt"
OTL Extras logfile created on: 2013-11-02 20:14:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pinson-Pogo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,99% Memory free
7,99 Gb Paging File | 6,08 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 828,13 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Computer Name: PINSON-POGO-PC | User Name: Pinson-Pogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3083648223-2711926072-2783991371-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03814519-D659-466E-845B-28196FC1588A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{08B9F138-8370-47A6-B308-500E480F00DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EC2FD8D-88CF-485F-912C-450FD3F9A34B}" = rport=445 | protocol=6 | dir=out | app=system |
"{100B66D0-9A59-45D8-A2DC-A0D47569E3DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1711739F-7DDE-4043-A51A-1280AB0E314A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EF96F89-8DDF-442F-A2CA-CA26B03B5E02}" = lport=137 | protocol=17 | dir=in | app=system |
"{3BE0DDC6-07D7-4490-9141-4E4EED76E136}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D141253-E15B-4476-B2D3-30C7D6D39827}" = lport=139 | protocol=6 | dir=in | app=system |
"{C521F2B8-D1D7-404B-87BD-FD57E14D87CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{DAF19E61-3E13-42E8-BA55-B68148B82B43}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB314E18-DED4-4F41-9884-4B0136D8F06B}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF1BAE9F-4E58-4243-887F-1F9E4F4E6CBF}" = rport=138 | protocol=17 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BCEAFE-C4BC-47CC-BAB9-01AB3BCBCE15}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{114F8A77-D57E-45BC-97B8-5E8C8F9A689D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{204F8312-920A-44F0-BB6E-8E72888D02BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{29D96C43-9F30-499A-B20B-30CC25AC6C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{3009591C-01BF-4B26-AC21-CCD6480F643C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33431281-7230-408F-8ED5-0C3E7FFD3CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{515D5ED9-85A5-44BB-9431-6A8DBA4254CE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{527D8785-484B-4BF9-BF5B-FEB124C730FB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{5E078939-000E-4848-B2CF-5857C993C039}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{71C37CEC-16AA-4BC0-BDEA-560B57AE1C66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{7A6A1761-C385-48DD-AF9E-A1B5B99CE788}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{81B96EB3-A714-4093-8FD0-FD318DFA276D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{84EDE390-B7D9-4A9B-86B2-AD5BF3FAC1BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8F350D9B-050B-4108-85A9-868A23CFC624}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B9D9E513-991A-4CB7-B32C-4808388C3749}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BA383810-E694-4BD4-BAE5-9CFE79C136AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC1792CD-F67F-4FD5-9F8D-401F99C0C8DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{EC735A30-D08C-4D84-9AD2-B21F26727466}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F3A5F8F5-BD86-422C-8022-672C6A95C7C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13351E83-6DCD-4E97-2A8C-5D496259A47F}" = AMD Catalyst Install Manager
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{3AA627AF-DD36-F927-D91F-207FB3CC32D9}" = ccc-utility64
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B775540C-E635-B6CF-379F-87222AEC77C6}" = AMD Media Foundation Decoders
"{C4838EB8-FCED-B4EB-2777-017DFC3BD65D}" = AMD Accelerated Video Transcoding
"{CFCF71B6-5962-3BA9-F336-8C4CD1747721}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 5.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1008F030-1D06-C7C2-14F7-18CE3307F51F}" = CCC Help Portuguese
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{174F94E5-581E-EFCA-60FF-72B99A893BAE}" = CCC Help Thai
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3C9EF074-E7E8-1DAD-7B24-E2ACDC48FBDE}" = CCC Help English
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype(TM) 6.7
"{4F07D6C9-3AB0-0567-FA40-FA091398E7BE}" = CCC Help Italian
"{56978E45-6A6B-8DF7-B37C-58043F182D6C}" = CCC Help Swedish
"{6672A809-A0D9-A47E-7CFE-AF0B0D599D40}" = Catalyst Control Center Localization All
"{6AFE5E25-121D-6054-62B8-F3354C82FAAF}" = CCC Help Hungarian
"{7BDECEC6-87A7-A7AA-8AE8-A8D663F3B9E5}" = CCC Help Finnish
"{7D6835C4-F6C7-7D78-5DC7-593E025A58FD}" = CCC Help Korean
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8BB6D134-BFBA-F4B7-D086-6EF765576DBE}" = CCC Help Norwegian
"{A69B5801-707A-D310-2DD1-0DE7EFF761AC}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C42B66AB-B0A2-516D-63BE-6D9608A3B9BC}" = CCC Help Dutch
"{C9B21EB7-9E61-55EF-DC76-ADB8DDEEFE56}" = CCC Help Polish
"{CC45C792-5348-9446-1FBB-2A287A19D48E}" = AMD Catalyst Control Center
"{CC9AD130-069C-E5AF-A56C-48E58781BE24}" = CCC Help Chinese Standard
"{D0A0DC26-EDD5-C03D-6AFC-8F10D2FD974F}" = CCC Help Chinese Traditional
"{D805E716-EE94-64C4-04FB-BE98A4BF6CF6}" = CCC Help Spanish
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{E002447E-6B41-DCF6-8133-987BF12C5B50}" = CCC Help Czech
"{E7970ADC-319A-A32B-7D8D-9404F4807365}" = CCC Help German
"{E7E71065-1152-440D-F258-5B6DE3817E41}" = Catalyst Control Center Graphics Previews Common
"{EADF01C1-9C48-5157-AF54-8E5DC3540185}" = CCC Help Turkish
"{EB48CCF6-69EC-F24E-0F24-6A13DFF63A05}" = CCC Help French
"{EF2E4024-2B49-F761-B36F-167033D7F005}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F88FFBE5-6A07-6206-0B13-4F648A6718C9}" = Catalyst Control Center InstallProxy
"{FA5BA14A-631B-3AFB-8918-B75443396D4C}" = CCC Help Danish
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE8DA369-A02D-F0E4-231C-7D73A2D62028}" = CCC Help Russian
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v3.00
"Avira AntiVir Desktop" = Avira Free Antivirus
"DVD Shrink_is1" = DVD Shrink 3.2
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0 (x86 fr)" = Mozilla Firefox 25.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"TeamViewer 8" = TeamViewer 8
"uTorrent" = µTorrent
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-3083648223-2711926072-2783991371-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium
"MétéoMédia" = MétéoMédia
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2013-11-02 17:44:21 | Computer Name = Pinson-Pogo-PC | Source = WinMgmt | ID = 10
Description =
Error - 2013-11-02 17:45:02 | Computer Name = Pinson-Pogo-PC | Source = Windows Search Service | ID = 1019
Description =
Error - 2013-11-02 17:47:18 | Computer Name = Pinson-Pogo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 2013-11-02 17:47:18 | Computer Name = Pinson-Pogo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 2013-11-02 17:47:18 | Computer Name = Pinson-Pogo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code
d'erreur.
Error - 2013-11-02 18:18:03 | Computer Name = Pinson-Pogo-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 2013-11-02 18:20:36 | Computer Name = Pinson-Pogo-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.
Error - 2013-11-02 18:20:38 | Computer Name = Pinson-Pogo-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.
Error - 2013-11-02 18:55:48 | Computer Name = Pinson-Pogo-PC | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
du cliché instantané n'a pas pu s'agrandir en raison d'une limite utilisateur.
Error - 2013-11-02 20:03:05 | Computer Name = Pinson-Pogo-PC | Source = DCOM | ID = 10016
Description =
< End of report >
OTL logfile created on: 2013-11-02 20:14:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pinson-Pogo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,99% Memory free
7,99 Gb Paging File | 6,08 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 828,13 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Computer Name: PINSON-POGO-PC | User Name: Pinson-Pogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-11-02 20:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pinson-Pogo\Desktop\OTL.exe
PRC - [2013-10-29 15:13:00 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-10-09 03:50:15 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013-10-08 20:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-10-01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-09-27 15:06:06 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013-09-27 15:04:47 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013-09-27 15:04:45 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-08-30 15:16:16 | 000,310,920 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\Pinson-Pogo\AppData\Local\MétéoMédia\weathereye.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-10-29 15:12:59 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-10-09 03:50:15 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013-10-08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013-10-08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013-10-08 20:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013-10-08 20:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013-10-08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013-08-30 18:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2013-05-27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010-05-20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:[b]64bit:[/b] - [2009-07-13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-10-29 15:12:59 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-10-09 03:50:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-10-01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-09-27 15:06:06 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013-09-27 15:05:05 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013-09-27 15:04:47 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013-07-25 09:40:44 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013-09-27 15:06:43 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2013-09-27 15:06:43 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2013-09-27 15:06:43 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2013-08-30 20:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2013-08-30 18:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2013-07-05 04:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2013-04-15 05:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012-08-23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2012-08-23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012-08-23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012-08-23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-05-20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:[b]64bit:[/b] - [2009-12-30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:[b]64bit:[/b] - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-06-02 21:21:20 | 000,032,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://web2discover.etsmtl.ca/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013-09-27 14:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\Extensions
[2013-11-02 20:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\Firefox\Profiles\dnto1teo.default-1383416199154\extensions
[2013-11-02 14:35:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\Firefox\Profiles\dnto1teo.default-1383416199154\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013-11-02 14:29:56 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Pinson-Pogo\AppData\Roaming\mozilla\firefox\profiles\dnto1teo.default-1383416199154\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-10-29 15:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-10-29 15:13:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.400.43 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Documents Google = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Recherche Google = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Pinson-Pogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009-06-10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000..\Run: [WeatherEye] C:\Users\Pinson-Pogo\AppData\Local\MétéoMédia\weathereye.exe (Pelmorex Media Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAB987FC-23C0-4733-81CC-E0184E1BBCC9}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-11-02 20:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pinson-Pogo\Desktop\OTL.exe
[2013-11-02 16:40:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-11-02 12:05:03 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\Doctor Web
[2013-10-30 21:58:04 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\Desktop\Photos
[2013-10-29 15:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-10-29 08:59:01 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\AppData\Roaming\Malwarebytes
[2013-10-29 08:58:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-10-29 08:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-10-29 08:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-10-28 10:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2013-10-28 10:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2013-10-24 00:47:28 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\AppData\Roaming\Hard Disk Sentinel
[2013-10-24 00:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
[2013-10-24 00:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hard Disk Sentinel
[2013-10-23 00:48:36 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\Desktop\En Standby
[2013-10-16 21:51:27 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013-10-16 21:51:23 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013-10-16 21:51:23 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013-10-16 21:51:23 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013-10-16 21:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-10-16 21:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-10-15 21:56:44 | 000,000,000 | ---D | C] -- C:\Users\Pinson-Pogo\AppData\Roaming\dvdcss
[2013-10-08 17:56:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013-10-08 17:56:28 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013-10-08 17:56:28 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013-10-08 17:56:28 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013-10-08 17:56:28 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013-10-08 17:56:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013-10-08 17:56:28 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013-10-08 17:56:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013-10-08 17:56:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013-10-08 17:56:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013-10-08 17:56:25 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013-10-08 17:56:23 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-10-08 17:56:23 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-10-08 17:56:23 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-10-08 17:56:23 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013-10-08 17:56:23 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013-10-08 17:56:23 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013-10-08 17:56:23 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013-10-08 17:56:22 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-10-08 17:56:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-10-08 17:56:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-10-08 17:56:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-10-08 17:56:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-10-08 17:56:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-10-08 17:56:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013-10-08 17:56:20 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013-10-08 17:56:20 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013-10-08 17:56:14 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013-10-08 17:56:01 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013-10-08 17:56:01 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-11-02 20:17:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-02 20:12:17 | 000,395,074 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\th.png
[2013-11-02 20:10:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pinson-Pogo\Desktop\OTL.exe
[2013-11-02 19:50:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-11-02 17:50:15 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-11-02 17:50:15 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-11-02 17:47:21 | 000,975,510 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013-11-02 17:47:21 | 000,721,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-11-02 17:47:21 | 000,224,498 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013-11-02 17:47:21 | 000,186,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-11-02 17:47:21 | 000,006,220 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-11-02 17:42:53 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-02 17:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-02 17:42:29 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-01 16:05:04 | 000,000,225 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\KratzerKash TE.URL
[2013-10-31 10:26:52 | 000,847,229 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\Guidoune 1.jpg
[2013-10-30 21:57:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-10-28 10:34:23 | 000,000,987 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\DVD Shrink 3.2.lnk
[2013-10-24 00:46:35 | 000,001,007 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\Hard Disk Sentinel.lnk
[2013-10-22 20:48:54 | 3813,285,888 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\NFB_ONF.ISO
[2013-10-18 00:34:34 | 000,000,234 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\VikingHits.com.URL
[2013-10-16 21:51:19 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013-10-16 21:51:18 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013-10-16 21:51:18 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013-10-16 21:51:18 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013-10-09 03:50:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-10-09 03:50:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-10-08 17:59:51 | 001,641,696 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-10-08 02:25:03 | 000,000,231 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\DonkeyMails.URL
[2013-10-07 21:39:35 | 000,000,284 | ---- | M] () -- C:\Users\Pinson-Pogo\Desktop\CashnHits.URL
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013-11-02 20:12:17 | 000,395,074 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\th.png
[2013-11-01 16:05:04 | 000,000,225 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\KratzerKash TE.URL
[2013-10-31 10:26:50 | 000,847,229 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\Guidoune 1.jpg
[2013-10-30 21:57:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013-10-28 10:34:23 | 000,000,987 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\DVD Shrink 3.2.lnk
[2013-10-24 00:46:35 | 000,001,007 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\Hard Disk Sentinel.lnk
[2013-10-22 20:37:32 | 3813,285,888 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\NFB_ONF.ISO
[2013-10-18 00:34:34 | 000,000,234 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\VikingHits.com.URL
[2013-10-08 02:25:03 | 000,000,231 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\DonkeyMails.URL
[2013-10-07 21:39:35 | 000,000,284 | ---- | C] () -- C:\Users\Pinson-Pogo\Desktop\CashnHits.URL
[2013-09-30 00:26:30 | 000,001,057 | ---- | C] () -- C:\Users\Pinson-Pogo\AppData\Roaming\vso_ts_preview.xml
[2013-09-27 17:32:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-09-27 17:24:53 | 001,641,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-08-30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013-08-30 19:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013-08-30 19:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013-08-30 19:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013-08-30 19:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-07-25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013-11-02 09:35:43 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\???@) -- C:\Windows\SysWow64\???@
[2013-11-01 15:35:39 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\???@) -- C:\Windows\SysWow64\???@
[2013-11-01 09:35:56 | 104,535,026 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???0/00
[2013-10-29 02:20:32 | 104,535,026 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???0/00
[2013-10-23 21:35:21 | 102,749,940 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???*
[2013-10-22 21:35:22 | 102,749,940 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???*
[2013-10-10 16:56:50 | 100,332,977 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???-
[2013-10-10 04:56:52 | 100,332,977 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???-
[2013-10-07 10:56:54 | 099,717,279 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???OE
[2013-10-04 16:56:47 | 099,717,279 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\???OE
< End of report >
Et le second rapport "extra.txt"
OTL Extras logfile created on: 2013-11-02 20:14:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pinson-Pogo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,99% Memory free
7,99 Gb Paging File | 6,08 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 828,13 Gb Free Space | 88,91% Space Free | Partition Type: NTFS
Computer Name: PINSON-POGO-PC | User Name: Pinson-Pogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3083648223-2711926072-2783991371-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03814519-D659-466E-845B-28196FC1588A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{08B9F138-8370-47A6-B308-500E480F00DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EC2FD8D-88CF-485F-912C-450FD3F9A34B}" = rport=445 | protocol=6 | dir=out | app=system |
"{100B66D0-9A59-45D8-A2DC-A0D47569E3DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1711739F-7DDE-4043-A51A-1280AB0E314A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EF96F89-8DDF-442F-A2CA-CA26B03B5E02}" = lport=137 | protocol=17 | dir=in | app=system |
"{3BE0DDC6-07D7-4490-9141-4E4EED76E136}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D141253-E15B-4476-B2D3-30C7D6D39827}" = lport=139 | protocol=6 | dir=in | app=system |
"{C521F2B8-D1D7-404B-87BD-FD57E14D87CA}" = lport=445 | protocol=6 | dir=in | app=system |
"{DAF19E61-3E13-42E8-BA55-B68148B82B43}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB314E18-DED4-4F41-9884-4B0136D8F06B}" = rport=137 | protocol=17 | dir=out | app=system |
"{FF1BAE9F-4E58-4243-887F-1F9E4F4E6CBF}" = rport=138 | protocol=17 | dir=out | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BCEAFE-C4BC-47CC-BAB9-01AB3BCBCE15}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{114F8A77-D57E-45BC-97B8-5E8C8F9A689D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{204F8312-920A-44F0-BB6E-8E72888D02BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{29D96C43-9F30-499A-B20B-30CC25AC6C3A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{3009591C-01BF-4B26-AC21-CCD6480F643C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{33431281-7230-408F-8ED5-0C3E7FFD3CAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{515D5ED9-85A5-44BB-9431-6A8DBA4254CE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{527D8785-484B-4BF9-BF5B-FEB124C730FB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{5E078939-000E-4848-B2CF-5857C993C039}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{71C37CEC-16AA-4BC0-BDEA-560B57AE1C66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{7A6A1761-C385-48DD-AF9E-A1B5B99CE788}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{81B96EB3-A714-4093-8FD0-FD318DFA276D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{84EDE390-B7D9-4A9B-86B2-AD5BF3FAC1BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8F350D9B-050B-4108-85A9-868A23CFC624}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{B9D9E513-991A-4CB7-B32C-4808388C3749}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BA383810-E694-4BD4-BAE5-9CFE79C136AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DC1792CD-F67F-4FD5-9F8D-401F99C0C8DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{EC735A30-D08C-4D84-9AD2-B21F26727466}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F3A5F8F5-BD86-422C-8022-672C6A95C7C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13351E83-6DCD-4E97-2A8C-5D496259A47F}" = AMD Catalyst Install Manager
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{3AA627AF-DD36-F927-D91F-207FB3CC32D9}" = ccc-utility64
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B775540C-E635-B6CF-379F-87222AEC77C6}" = AMD Media Foundation Decoders
"{C4838EB8-FCED-B4EB-2777-017DFC3BD65D}" = AMD Accelerated Video Transcoding
"{CFCF71B6-5962-3BA9-F336-8C4CD1747721}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 5.00 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1008F030-1D06-C7C2-14F7-18CE3307F51F}" = CCC Help Portuguese
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{174F94E5-581E-EFCA-60FF-72B99A893BAE}" = CCC Help Thai
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3C9EF074-E7E8-1DAD-7B24-E2ACDC48FBDE}" = CCC Help English
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype(TM) 6.7
"{4F07D6C9-3AB0-0567-FA40-FA091398E7BE}" = CCC Help Italian
"{56978E45-6A6B-8DF7-B37C-58043F182D6C}" = CCC Help Swedish
"{6672A809-A0D9-A47E-7CFE-AF0B0D599D40}" = Catalyst Control Center Localization All
"{6AFE5E25-121D-6054-62B8-F3354C82FAAF}" = CCC Help Hungarian
"{7BDECEC6-87A7-A7AA-8AE8-A8D663F3B9E5}" = CCC Help Finnish
"{7D6835C4-F6C7-7D78-5DC7-593E025A58FD}" = CCC Help Korean
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8BB6D134-BFBA-F4B7-D086-6EF765576DBE}" = CCC Help Norwegian
"{A69B5801-707A-D310-2DD1-0DE7EFF761AC}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C42B66AB-B0A2-516D-63BE-6D9608A3B9BC}" = CCC Help Dutch
"{C9B21EB7-9E61-55EF-DC76-ADB8DDEEFE56}" = CCC Help Polish
"{CC45C792-5348-9446-1FBB-2A287A19D48E}" = AMD Catalyst Control Center
"{CC9AD130-069C-E5AF-A56C-48E58781BE24}" = CCC Help Chinese Standard
"{D0A0DC26-EDD5-C03D-6AFC-8F10D2FD974F}" = CCC Help Chinese Traditional
"{D805E716-EE94-64C4-04FB-BE98A4BF6CF6}" = CCC Help Spanish
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{E002447E-6B41-DCF6-8133-987BF12C5B50}" = CCC Help Czech
"{E7970ADC-319A-A32B-7D8D-9404F4807365}" = CCC Help German
"{E7E71065-1152-440D-F258-5B6DE3817E41}" = Catalyst Control Center Graphics Previews Common
"{EADF01C1-9C48-5157-AF54-8E5DC3540185}" = CCC Help Turkish
"{EB48CCF6-69EC-F24E-0F24-6A13DFF63A05}" = CCC Help French
"{EF2E4024-2B49-F761-B36F-167033D7F005}" = CCC Help Japanese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F88FFBE5-6A07-6206-0B13-4F648A6718C9}" = Catalyst Control Center InstallProxy
"{FA5BA14A-631B-3AFB-8918-B75443396D4C}" = CCC Help Danish
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE8DA369-A02D-F0E4-231C-7D73A2D62028}" = CCC Help Russian
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v3.00
"Avira AntiVir Desktop" = Avira Free Antivirus
"DVD Shrink_is1" = DVD Shrink 3.2
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0 (x86 fr)" = Mozilla Firefox 25.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PowerISO" = PowerISO
"TeamViewer 8" = TeamViewer 8
"uTorrent" = µTorrent
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-3083648223-2711926072-2783991371-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium
"MétéoMédia" = MétéoMédia
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2013-11-02 17:44:21 | Computer Name = Pinson-Pogo-PC | Source = WinMgmt | ID = 10
Description =
Error - 2013-11-02 17:45:02 | Computer Name = Pinson-Pogo-PC | Source = Windows Search Service | ID = 1019
Description =
Error - 2013-11-02 17:47:18 | Computer Name = Pinson-Pogo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 2013-11-02 17:47:18 | Computer Name = Pinson-Pogo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d'extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.
Error - 2013-11-02 17:47:18 | Computer Name = Pinson-Pogo-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Le déchargement des chaînes de compteurs de performances pour le service
WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code
d'erreur.
Error - 2013-11-02 18:18:03 | Computer Name = Pinson-Pogo-PC | Source = VSS | ID = 8194
Description =
[ System Events ]
Error - 2013-11-02 18:20:36 | Computer Name = Pinson-Pogo-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.
Error - 2013-11-02 18:20:38 | Computer Name = Pinson-Pogo-PC | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.
Error - 2013-11-02 18:55:48 | Computer Name = Pinson-Pogo-PC | Source = volsnap | ID = 393252
Description = Les clichés instantanés du volume C: ont été annulés car le stockage
du cliché instantané n'a pas pu s'agrandir en raison d'une limite utilisateur.
Error - 2013-11-02 20:03:05 | Computer Name = Pinson-Pogo-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 11:05
3 nov. 2013 à 11:05
Pas super lisible, tu peux utiliser http://pjjoint.malekal.com pour faire passer le rapport ?
Tu as tout supprimé sauf WOT et Adblock sur Firefox ?
Tu as tout supprimé sauf WOT et Adblock sur Firefox ?
rebonjour,
Voila comme demandé le rapport d'OTL:
http://pjjoint.malekal.com/files.php?id=OTL_20131103_m8b14k8w9w6
Et le second rapport: "Extra.txt"
http://pjjoint.malekal.com/files.php?id=OTL_Extras_20131103_n11c11y10s14u15
Oui dans les "extensions" j'ai tout supprimer sauf WOT et Adblock.
Voila comme demandé le rapport d'OTL:
http://pjjoint.malekal.com/files.php?id=OTL_20131103_m8b14k8w9w6
Et le second rapport: "Extra.txt"
http://pjjoint.malekal.com/files.php?id=OTL_Extras_20131103_n11c11y10s14u15
Oui dans les "extensions" j'ai tout supprimer sauf WOT et Adblock.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
Modifié par Malekal_morte- le 3/11/2013 à 15:05
Modifié par Malekal_morte- le 3/11/2013 à 15:05
Je pense que ce programme de météo est suceptibe d'ouvrir des pages de pubs :
O4 - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000..\Run: [WeatherEye] C:\Users\Pinson-Pogo\AppData\Local\MétéoMédia\weathereye.exe (Pelmorex Media Inc.)
Ca fait longtemps que tu l'as ?
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
O4 - HKU\S-1-5-21-3083648223-2711926072-2783991371-1000..\Run: [WeatherEye] C:\Users\Pinson-Pogo\AppData\Local\MétéoMédia\weathereye.exe (Pelmorex Media Inc.)
Ca fait longtemps que tu l'as ?
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
rebonjour,
Ça fait depuis 2006 que je l'utilise, c'est un logiciel d'une plateforme météo réputé au Québec. C'est même une chaîne disponible sur les cablodistributeurs est diponible depuis quelque décennie.
Sinon il n'y a rien ? :)
Ça fait depuis 2006 que je l'utilise, c'est un logiciel d'une plateforme météo réputé au Québec. C'est même une chaîne disponible sur les cablodistributeurs est diponible depuis quelque décennie.
Sinon il n'y a rien ? :)
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 15:16
3 nov. 2013 à 15:16
non là c'est bon, tu as encore des pubs ?
toujours des pubs venant de ce domaine:
http://javeupdatecaa.com
1. Très louche tous ça... regarde Malekal_Morte le whois:
Whois : http://whois.domaintools.com/javeupdatecaa.com
Domain Name: JAVEUPDATECAA.COM
Creation Date: 2013-10-23 12:05:00Z
Registrar Registration Expiration Date: 2014-10-23 12:05:00Z
(C'est tout frais.. on dirait!)
2. Je te recommande de jeter un oeil... ;-)
http://assiste.forum.free.fr/viewtopic.php?f=127&t=28411
3. Je vois que je ne suis pas le seul concerner...
https://forums.commentcamarche.net/forum/affich-29030495-popups
http://javeupdatecaa.com
1. Très louche tous ça... regarde Malekal_Morte le whois:
Whois : http://whois.domaintools.com/javeupdatecaa.com
Domain Name: JAVEUPDATECAA.COM
Creation Date: 2013-10-23 12:05:00Z
Registrar Registration Expiration Date: 2014-10-23 12:05:00Z
(C'est tout frais.. on dirait!)
2. Je te recommande de jeter un oeil... ;-)
http://assiste.forum.free.fr/viewtopic.php?f=127&t=28411
3. Je vois que je ne suis pas le seul concerner...
https://forums.commentcamarche.net/forum/affich-29030495-popups
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 15:46
3 nov. 2013 à 15:46
non mais je connais les fausses pages de mises à jour java et autres...https://www.malekal.com/adwares-pup-protection/
C'est sur quel navigateur ?
C'est sur quel navigateur ?
mes messages ne s'affichent plus...
Je sais que tu connais ce genre d'infection, moi aussi d,ailleurs.. mais là ça semble d,être une attaque générale provenant d'un serveur dédié avec plusieurs domaine inclus. Je vois qu'une solution face à ce désagément: bloquer les domaines principales.
Je suis sous firefox. Et aujourd'hui google chrome m'as fait la même chose. Donc surement pas un module infecté.
Je sais que tu connais ce genre d'infection, moi aussi d,ailleurs.. mais là ça semble d,être une attaque générale provenant d'un serveur dédié avec plusieurs domaine inclus. Je vois qu'une solution face à ce désagément: bloquer les domaines principales.
Je suis sous firefox. Et aujourd'hui google chrome m'as fait la même chose. Donc surement pas un module infecté.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 16:21
3 nov. 2013 à 16:21
Tu peux mettre le rapport OTL sur pjjoint comme c'était demandé.
C'est illisible en le mettant directement ici.
C'est illisible en le mettant directement ici.
Malekal_morte- 3 nov. 2013 à 11:05
Pas super lisible, tu peux utiliser http://pjjoint.malekal.com pour faire passer le rapport ?
Jason 3 nov. 2013 à 15:00
rebonjour,
Voila comme demandé le rapport d'OTL:
http://pjjoint.malekal.com/files.php?id=OTL_20131103_m8b14k8w9w6
Et le second rapport: "Extra.txt"
http://pjjoint.malekal.com/files.php?id=OTL_Extras_20131103_n11c11y10s14u15
J'avais "déjà" envoyé les rapports me semble t'il.
Pas super lisible, tu peux utiliser http://pjjoint.malekal.com pour faire passer le rapport ?
Jason 3 nov. 2013 à 15:00
rebonjour,
Voila comme demandé le rapport d'OTL:
http://pjjoint.malekal.com/files.php?id=OTL_20131103_m8b14k8w9w6
Et le second rapport: "Extra.txt"
http://pjjoint.malekal.com/files.php?id=OTL_Extras_20131103_n11c11y10s14u15
J'avais "déjà" envoyé les rapports me semble t'il.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 656
3 nov. 2013 à 17:26
3 nov. 2013 à 17:26
Désinstalle le programme météo.
Passe un coup de TDSSKiller : https://forum.malekal.com/viewtopic.php?t=28637&start=
Fais skip sur les détections.
Clic en haut à droite sur reports.
Vas sur http://pjjoint.malekal.com et copie/colle le contenu du rapport TDSSKiller en bas, fais envoyer.
Donne le lien du rapport pjjoint ici dans un nouveau message.
Passe un coup de TDSSKiller : https://forum.malekal.com/viewtopic.php?t=28637&start=
Fais skip sur les détections.
Clic en haut à droite sur reports.
Vas sur http://pjjoint.malekal.com et copie/colle le contenu du rapport TDSSKiller en bas, fais envoyer.
Donne le lien du rapport pjjoint ici dans un nouveau message.