cjoint

Document format: text/plain

Preview

OTL logfile created on: 02/07/2015 03:00:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ff\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 59,13% Memory free
5,73 Gb Paging File | 4,33 Gb Available in Paging File | 75,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 120,93 Gb Free Space | 82,61% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 149,92 Gb Free Space | 98,89% Space Free | Partition Type: NTFS

Computer Name: FF-PC | User Name: ff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/07/02 03:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ff\Downloads\OTL.exe
PRC - [2015/06/21 13:57:53 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/06/20 13:56:08 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/06/20 13:56:03 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2015/05/26 03:12:38 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/04/07 21:34:52 | 000,144,008 | ---- | M] (© 2015 Microsoft Corporation) -- C:\Users\ff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
PRC - [2012/01/09 18:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe
PRC - [2010/12/07 18:01:00 | 000,208,384 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE
PRC - [2010/08/30 10:32:24 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/10 02:41:27 | 000,402,263 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe
PRC - [2009/08/26 20:38:49 | 002,661,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/05/28 12:34:38 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
PRC - [2007/09/02 10:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/06/20 13:56:11 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/06/20 13:56:10 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/06/20 13:56:10 | 000,104,400 | ---- | M] () -- C:\PROGRA~1\AVASTS~1\Avast\log.dll
MOD - [2015/06/20 13:56:08 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/06/20 13:56:08 | 000,081,728 | ---- | M] () -- C:\PROGRA~1\AVASTS~1\Avast\JsonRpcServer.dll
MOD - [2012/01/09 18:01:00 | 000,233,472 | ---- | M] () -- C:\Program Files\HSPA USB Modem\HSPALauncher.exe
MOD - [2011/10/21 18:49:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2009/09/10 02:41:27 | 000,402,263 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe
MOD - [2009/06/10 22:08:45 | 000,140,800 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/05/28 12:37:39 | 000,351,000 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Reference 2009\MSENCXML.DLL
MOD - [2008/05/28 12:37:38 | 000,228,120 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Reference 2009\MSENCDAT.DLL
MOD - [2008/05/28 12:37:37 | 000,269,080 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Reference 2009\ERSREGPR.DLL
MOD - [2008/05/28 12:37:35 | 000,178,968 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Reference 2009\ENCCONT.DLL
MOD - [2008/05/28 12:34:38 | 000,068,376 | ---- | M] () -- C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICTEIT.EBK
MOD - [2007/09/02 10:28:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 10:27:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2015/06/20 13:56:08 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/06/20 13:56:03 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2015/06/03 16:42:38 | 000,327,296 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/05/26 03:12:49 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2015/06/26 07:30:41 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2015/06/20 13:56:12 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/06/20 13:56:12 | 000,106,912 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/06/20 13:56:12 | 000,081,728 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/06/20 13:56:12 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/06/20 13:56:12 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/06/20 13:56:12 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/06/20 13:56:04 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/06/20 13:56:03 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2012/01/01 13:33:03 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/09/08 17:40:24 | 000,363,112 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2011/08/23 15:11:49 | 000,270,336 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/01/24 14:39:08 | 002,152,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/10/29 17:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/02/27 01:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/08/29 18:54:40 | 000,103,552 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2007/12/12 15:04:56 | 000,034,963 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hid7906.sys -- (hid7906)
DRV - [2007/12/03 09:46:12 | 000,037,024 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hid8101.sys -- (hid8101)
DRV - [2007/11/28 11:52:46 | 000,034,587 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hid8103.sys -- (hid8103)
DRV - [2007/06/18 14:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://api.m5zn.com/homepage/?type=upload
IE - HKLM\..\SearchScopes,DefaultScope = {756D1D40-E491-4E1D-9BC6-5B37CEDE646E}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}: "URL" = http://www.m5zn.com/search/result.html?source=ie&type=web&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1552122

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://api.m5zn.com/homepage/?type=upload [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=fr-fr
IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKCU\..\SearchScopes\{358E8E43-2103-475F-81BE-37C3B4FF28A2}: "URL" = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
IE - HKCU\..\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}: "URL" = http://www.m5zn.com/search/result.html?source=ie&type=web&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1552122
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "DZ"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "DZ"
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0.5
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/06/20 13:56:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: install
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Market: fr-fr
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Package: DefaultPack
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\OSVersion: 6.1.7600.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\LVersion: 1.7.46.0
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\MFVersion: MF38.0.5 (x86 fr)

[2015/06/29 16:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ff\AppData\Roaming\mozilla\Extensions
[2015/06/29 16:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ff\AppData\Roaming\mozilla\Firefox\Profiles\hzljlz9t.default\extensions
[2015/06/29 16:25:05 | 000,000,000 | ---D | M] ("Bing Search") -- C:\Users\ff\AppData\Roaming\mozilla\Firefox\Profiles\hzljlz9t.default\extensions\bingsearch.full@microsoft.com
[2015/06/29 16:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2015/06/29 16:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2015/06/29 16:02:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/01/15 20:04:13 | 000,000,863 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 77.67.20.138 upgrade.bitdefender.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {511131F1-4629-4254-A85F-ED7B6D75DD3C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HSPALauncher] C:\PROGRA~1\HSPAUS~1\HSPALA~1.EXE ()
O4 - HKCU..\Run: [BingSvc] C:\Users\ff\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKCU..\Run: [E09FXLRD_5765703] C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Updates = "C:\system32\SystemProtection.exe" /e:VBScript.Encode "C:\kernel\r00t3r" (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\sdate: sdate = 33
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E291C0FE-63B2-497E-A2C0-D5821C2507E5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2fc4bd93-d434-11e4-bfc1-1803739bdf75}\Shell - "" = AutoRun
O33 - MountPoints2\{2fc4bd93-d434-11e4-bfc1-1803739bdf75}\Shell\AutoRun\command - "" = F:\iLinker.exe
O33 - MountPoints2\{ae52efca-558e-11e2-a0fa-1803739bdf75}\Shell - "" = AutoRun
O33 - MountPoints2\{ae52efca-558e-11e2-a0fa-1803739bdf75}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{ae52efd0-558e-11e2-a0fa-1803739bdf75}\Shell - "" = AutoRun
O33 - MountPoints2\{ae52efd0-558e-11e2-a0fa-1803739bdf75}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/06/29 16:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2015/06/29 16:45:21 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Roaming\ZHP
[2015/06/29 16:34:57 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Local\Programs
[2015/06/29 16:21:22 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Local\Skype
[2015/06/29 16:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/06/29 16:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2015/06/29 16:21:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2015/06/29 16:16:16 | 000,246,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2015/06/29 16:03:05 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Roaming\Mozilla
[2015/06/29 16:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/06/29 16:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2015/06/29 15:38:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2015/06/21 00:03:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vbox
[2015/06/20 14:18:50 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Roaming\AVAST Software
[2015/06/20 13:56:22 | 000,106,912 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswStm.sys
[2015/06/20 13:56:18 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe
[2015/06/20 13:56:10 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015/06/20 01:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2015/06/20 00:37:44 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Roaming\WendigoStudios
[2015/06/20 00:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2015/06/19 22:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2015/06/19 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Roaming\Artogon
[2015/06/19 21:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2015/06/19 21:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish
[2015/06/19 21:48:55 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Local\Big Fish
[2015/06/19 21:48:53 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2015/06/19 08:16:29 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Roaming\MailProducts
[2015/06/19 08:16:29 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Local\Mail.Ru
[2015/06/19 08:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Guard.Mail.Ru
[2015/06/19 07:31:08 | 001,001,704 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\7z.dll
[2015/06/18 07:33:54 | 000,000,000 | ---D | C] -- C:\Users\ff\AppData\Local\Apps

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/07/02 02:59:15 | 000,016,944 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/07/02 02:59:15 | 000,016,944 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/07/02 02:56:29 | 000,695,004 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2015/07/02 02:56:29 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/07/02 02:56:29 | 000,127,684 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2015/07/02 02:56:29 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/07/02 02:52:12 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/02 02:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/07/02 02:51:47 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2015/06/29 16:50:49 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2015/06/29 16:25:38 | 000,000,124 | ---- | M] () -- C:\Users\ff\Desktop\Internet - Raccourci.lnk
[2015/06/29 16:13:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/29 16:02:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/06/29 15:52:48 | 000,243,592 | ---- | M] () -- C:\Users\ff\Documents\Firefox Setup Stub 38.0.5.exe
[2015/06/29 15:32:15 | 000,000,016 | ---- | M] () -- C:\Windows\ka.ini
[2015/06/26 07:30:41 | 000,428,120 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswsp.sys
[2015/06/20 13:57:30 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/06/20 13:56:12 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015/06/20 13:56:12 | 000,106,912 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswStm.sys
[2015/06/20 13:56:12 | 000,081,728 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr2.sys
[2015/06/20 13:56:12 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2015/06/20 13:56:12 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015/06/20 13:56:12 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2015/06/20 13:56:10 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe
[2015/06/20 13:56:10 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015/06/20 13:56:04 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys
[2015/06/20 13:36:47 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2015/06/20 00:40:58 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2015/06/19 07:32:04 | 003,698,408 | ---- | M] (Commtouch) -- C:\Windows\System32\asapsdk.dll
[2015/06/19 07:31:50 | 001,680,616 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\contfilt.dll
[2015/06/19 07:31:45 | 000,174,312 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwnsp.dll
[2015/06/19 07:31:43 | 001,379,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\mwtsp.dll
[2015/06/19 07:31:42 | 000,097,000 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tsp.exe
[2015/06/19 07:31:22 | 000,000,152 | ---- | M] () -- C:\Windows\ERS.BAT
[2015/06/19 07:31:14 | 002,110,184 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\System32\test2.exe
[2015/06/19 07:31:07 | 001,001,704 | ---- | M] (Igor Pavlov) -- C:\Windows\System32\7z.dll
[2015/06/19 07:30:42 | 000,081,640 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/06/29 16:50:49 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2015/06/29 16:25:38 | 000,000,124 | ---- | C] () -- C:\Users\ff\Desktop\Internet - Raccourci.lnk
[2015/06/29 16:02:57 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/06/29 16:02:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/06/29 15:52:48 | 000,243,592 | ---- | C] () -- C:\Users\ff\Documents\Firefox Setup Stub 38.0.5.exe
[2015/06/20 13:57:30 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/06/20 13:56:21 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2015/06/20 13:36:47 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015/06/20 13:36:47 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015/06/19 07:31:22 | 000,000,152 | ---- | C] () -- C:\Windows\ERS.BAT
[2012/02/02 14:48:02 | 000,002,325 | ---- | C] () -- C:\Users\ff\Try Other Games.lnk
[2012/01/01 14:01:36 | 000,002,753 | ---- | C] () -- C:\Users\ff\Microsoft Office Word 2007.lnk
[2012/01/01 13:24:58 | 000,000,194 | R--- | C] () -- C:\Users\ff\Astuces-Se7en"!.URL

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/02/28 06:39:57 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/01/16 01:07:16 | 000,024,816 | ---- | M] ()(C:\Users\ff\Documents\? ?? ????? ?????? ? ????? ?????? ?? ??????.docx) -- C:\Users\ff\Documents\+ 9F EH'1/ 'DEJ'G H E5'/1 'DEJ'G AJ 'D9'DE.docx
[2013/01/16 01:07:16 | 000,024,816 | ---- | C] ()(C:\Users\ff\Documents\? ?? ????? ?????? ? ????? ?????? ?? ??????.docx) -- C:\Users\ff\Documents\+ 9F EH'1/ 'DEJ'G H E5'/1 'DEJ'G AJ 'D9'DE.docx
[2013/01/16 00:58:54 | 000,000,000 | ---D | M](C:\Users\ff\Documents\?????_?????_fichiers) -- C:\Users\ff\Documents\*91JA_'DE'!_fichiers
[2013/01/16 00:39:23 | 000,082,112 | ---- | M] ()(C:\Users\ff\Documents\?????_?????.htm) -- C:\Users\ff\Documents\*91JA_'DE'!.htm
[2013/01/16 00:38:22 | 000,082,112 | ---- | C] ()(C:\Users\ff\Documents\?????_?????.htm) -- C:\Users\ff\Documents\*91JA_'DE'!.htm
[2013/01/16 00:38:22 | 000,000,000 | ---D | C](C:\Users\ff\Documents\?????_?????_fichiers) -- C:\Users\ff\Documents\*91JA_'DE'!_fichiers
[2013/01/16 00:23:54 | 000,084,762 | ---- | M] ()(C:\??? ????? ?? ???????.htm) -- C:\/H1 'DE'! AJ 'D7(J9).htm
[2013/01/16 00:23:54 | 000,084,762 | ---- | C] ()(C:\??? ????? ?? ???????.htm) -- C:\/H1 'DE'! AJ 'D7(J9).htm
[2013/01/16 00:23:54 | 000,000,000 | ---D | M](C:\??? ????? ?? ???????_fichiers) -- C:\/H1 'DE'! AJ 'D7(J9)_fichiers
[2013/01/16 00:23:54 | 000,000,000 | ---D | C](C:\??? ????? ?? ???????_fichiers) -- C:\/H1 'DE'! AJ 'D7(J9)_fichiers
[2013/01/16 00:22:42 | 000,082,112 | ---- | M] ()(C:\?????_?????.htm) -- C:\*91JA_'DE'!.htm
[2013/01/16 00:20:07 | 000,000,000 | ---D | M](C:\?????_?????_fichiers) -- C:\*91JA_'DE'!_fichiers
[2013/01/16 00:20:01 | 000,082,112 | ---- | C] ()(C:\?????_?????.htm) -- C:\*91JA_'DE'!.htm
[2013/01/16 00:20:01 | 000,000,000 | ---D | C](C:\?????_?????_fichiers) -- C:\*91JA_'DE'!_fichiers

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:609CAC7C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:AA8AD2BF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:661DC753
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:F1175E1D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:014BC3B4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3E06C78F

< End of report >
