Document format: text/plain

Preview

OTL logfile created on: 29/11/2015 14:22:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ALEX\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18097)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,37% Memory free
5,98 Gb Paging File | 4,42 Gb Available in Paging File | 74,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,12 Gb Total Space | 30,93 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
Drive D: | 391,53 Gb Total Space | 87,16 Gb Free Space | 22,26% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: ALEX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/11/29 14:17:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ALEX\Downloads\OTL.exe
PRC - [2015/10/21 14:12:42 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\ALEX\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
PRC - [2015/10/21 13:45:40 | 001,822,048 | ---- | M] (BitTorrent Inc.) -- C:\Users\ALEX\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2015/09/24 00:34:44 | 000,815,944 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015/08/07 21:26:06 | 098,265,088 | ---- | M] () -- C:\Windows\System32\SYSALEX-PC.exe
PRC - [2015/07/08 23:26:02 | 000,173,088 | ---- | M] () -- C:\Users\ALEX\AppData\Roaming\NetService\netservice.exe
PRC - [2015/07/07 21:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/05/11 12:34:12 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/05/01 12:33:44 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/05/01 12:33:39 | 003,207,800 | ---- | M] (Avast Software) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2015/04/26 23:38:28 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/10/08 16:26:00 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/01 18:00:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/11/27 01:34:20 | 000,226,816 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\45.0.2454.101\chrome_elf.dll
MOD - [2015/11/13 00:44:59 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6a7513651818b48e869b25e9cf58d25c\Microsoft.VisualBasic.ni.dll
MOD - [2015/11/13 00:40:19 | 013,201,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f5858bb18f343b2b39686974a7a91d8e\System.Windows.Forms.ni.dll
MOD - [2015/10/15 14:20:48 | 016,493,256 | ---- | M] () -- C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll
MOD - [2015/10/04 02:48:46 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\70c2b5ce571b7cde730eda256ec1c2cf\System.Drawing.ni.dll
MOD - [2015/08/07 21:26:06 | 098,265,088 | ---- | M] () -- C:\Windows\System32\SYSALEX-PC.exe
MOD - [2015/05/13 02:44:06 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4d27c828074bd944e16c1f48f23b6c75\System.Configuration.ni.dll
MOD - [2015/05/13 02:43:59 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9f0b6b22e726b112ba814c628b85e6c7\System.Core.ni.dll
MOD - [2015/05/01 12:33:46 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/05/01 12:33:45 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/05/01 12:33:44 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/04/27 00:43:35 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\155fc891ae4beef23143920c7c476914\System.Management.ni.dll
MOD - [2015/04/27 00:34:51 | 005,632,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d6d58d8a2343199405d3bfc4853983a5\System.Xml.ni.dll
MOD - [2015/04/27 00:34:48 | 009,101,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6783353a6277418227e5b0e5a043049e\System.ni.dll
MOD - [2015/04/26 23:48:51 | 014,416,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f014b1f34734c93956924e68c67ecb55\mscorlib.ni.dll
MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2015/10/30 20:36:30 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/07/22 15:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/07/08 23:26:02 | 000,173,088 | ---- | M] () [Auto | Running] -- C:\Users\ALEX\AppData\Roaming\NetService\netservice.exe -- (NetTcpHandler)
SRV - [2015/07/07 21:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/05/01 12:33:44 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/05/01 12:33:39 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 02:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- system32\drivers\wsfd_vt_1_10_0_20.sys -- (wsfd_vt_1_10_0_20)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2015/06/27 03:30:27 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2015/06/11 15:15:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2015/05/13 00:33:27 | 000,025,104 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV - [2015/05/13 00:13:04 | 000,329,384 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2015/05/01 12:33:47 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/05/01 12:33:47 | 000,106,912 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/05/01 12:33:47 | 000,081,728 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/05/01 12:33:47 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/05/01 12:33:47 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/05/01 12:33:47 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/05/01 12:33:40 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/05/01 12:33:39 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 08:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/01 17:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2014/10/08 14:51:10] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 21:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 20:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.mystartsearch.com/web/?type=ds&ts=1437432488&z=8a2763e68c40270939dd8cdgaz0c7m1zdceo2z7z0q&from=slbnew&uid=SAMSUNGXHD502HI_S1ZVJ50S705367&q={searchTerms}
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKLM\..\SearchScopes\OldSearch: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=SAMSUNGXHD502HI_S1ZVJ50S705367&ts=1437432541&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=SAMSUNGXHD502HI_S1ZVJ50S705367&ts=1437432541&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=SAMSUNGXHD502HI_S1ZVJ50S705367&ts=1437432541&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=SAMSUNGXHD502HI_S1ZVJ50S705367&ts=1437432541&type=default&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\..\SearchScopes\OldSearch: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1105228393-971659579-141446964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:17403


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014/10/08 16:26:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/08/30 22:58:02 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.210_0\
CHR - Extension: No name found = C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\
CHR - Extension: No name found = C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopfedkhklpgeibpgfidepmdfbhhcllc\1.0.0_0\
CHR - Extension: No name found = C:\Users\ALEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\

O1 HOSTS File: ([2009/06/10 19:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Java Scheduler 7] C:\Windows\system32\Java8.exe File not found
O4 - HKLM..\Run: [Java7 Update] C:\Windows\System32\SYSALEX-PC.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1105228393-971659579-141446964-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1105228393-971659579-141446964-1000..\Run: [AirDroid 3] C:\Program Files\AirDroid\AirDroid.exe /start File not found
O4 - HKU\S-1-5-21-1105228393-971659579-141446964-1000..\Run: [uTorrent] C:\Users\ALEX\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-1105228393-971659579-141446964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9830A49-4E0D-4D7B-966C-BE1FBE62CAAB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/11/29 13:54:25 | 000,000,000 | ---D | C] -- C:\Users\ALEX\AppData\Roaming\Google
[2015/11/29 13:53:39 | 000,000,000 | R--D | C] -- C:\Users\ALEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
[2015/11/19 23:25:24 | 000,000,000 | ---D | C] -- C:\Users\ALEX\AppData\Roaming\shortCutStore
[2015/08/07 21:24:01 | 000,385,536 | ---- | C] (Systems Inc) -- C:\Users\ALEX\AppData\Roaming\net.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/11/29 14:24:22 | 001,835,008 | -HS- | M] () -- C:\Users\ALEX\ntuser.dat
[2015/11/29 14:15:18 | 000,000,502 | RHS- | M] () -- C:\Users\ALEX\ntuser.pol
[2015/11/29 13:56:30 | 001,690,096 | ---- | M] (GlavSoft LLC.) -- C:\Windows\System32\crov.exe
[2015/11/29 13:56:06 | 000,000,002 | ---- | M] () -- C:\Windows\System32\ALEX-PCX.xml
[2015/11/29 13:52:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2015/11/29 13:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/11/29 13:52:38 | 2408,243,200 | -HS- | M] () -- C:\hiberfil.sys
[2015/11/28 13:53:28 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/11/28 13:53:27 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/11/28 13:53:16 | 005,873,318 | -H-- | M] () -- C:\Users\ALEX\AppData\Local\IconCache.db
[2015/11/28 12:56:40 | 000,002,198 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/11/27 16:08:44 | 001,517,030 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2015/11/27 16:08:44 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2015/11/27 16:08:44 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/11/27 16:08:44 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2015/11/27 16:08:44 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/11/13 23:26:58 | 000,412,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/11/29 14:10:16 | 000,000,502 | RHS- | C] () -- C:\Users\ALEX\ntuser.pol
[2015/10/15 20:00:01 | 000,524,288 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat{fc47a1e7-7387-11e5-8a75-002421894906}.TMContainer00000000000000000002.regtrans-ms
[2015/10/15 20:00:01 | 000,524,288 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat{fc47a1e7-7387-11e5-8a75-002421894906}.TMContainer00000000000000000001.regtrans-ms
[2015/10/15 20:00:01 | 000,065,536 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat{fc47a1e7-7387-11e5-8a75-002421894906}.TM.blf
[2015/08/30 22:55:39 | 000,524,288 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat{e1a59ee8-4f7a-11e5-8408-002421894906}.TMContainer00000000000000000002.regtrans-ms
[2015/08/30 22:55:39 | 000,524,288 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat{e1a59ee8-4f7a-11e5-8408-002421894906}.TMContainer00000000000000000001.regtrans-ms
[2015/08/30 22:55:39 | 000,065,536 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat{e1a59ee8-4f7a-11e5-8408-002421894906}.TM.blf
[2015/08/07 21:26:00 | 098,265,088 | ---- | C] () -- C:\Windows\System32\SYSALEX-PC.exe
[2015/07/22 22:28:21 | 000,002,198 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/07/20 20:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\prleth.sys
[2015/07/20 20:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\hgfs.sys
[2015/04/26 01:39:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2015/04/26 01:37:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2015/04/26 01:37:46 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2014/10/08 16:50:35 | 005,873,318 | -H-- | C] () -- C:\Users\ALEX\AppData\Local\IconCache.db
[2014/10/08 15:23:20 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2014/10/08 14:55:53 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/10/08 14:55:53 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/10/08 14:55:52 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/10/08 14:55:21 | 000,109,672 | ---- | C] () -- C:\Users\ALEX\AppData\Local\GDIPFONTCACHEV1.DAT
[2014/10/08 14:24:28 | 001,517,030 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2014/10/08 14:19:27 | 001,835,008 | -HS- | C] () -- C:\Users\ALEX\ntuser.dat
[2014/10/08 14:19:27 | 000,524,288 | -HS- | C] () -- C:\Users\ALEX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2014/10/08 14:19:27 | 000,524,288 | -HS- | C] () -- C:\Users\ALEX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2014/10/08 14:19:27 | 000,065,536 | -HS- | C] () -- C:\Users\ALEX\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2014/10/08 14:19:27 | 000,000,020 | -HS- | C] () -- C:\Users\ALEX\ntuser.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 15:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color]
"DefaultConnectionSettings" = 46 00 00 00 40 2F 00 00 03 00 00 00 0F 00 00 00 31 32 37 2E 30 2E 30 2E 31 3A 31 37 34 30 33 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 50 25 97 3E 7B 80 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 6A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 E4 41 00 00 03 00 00 00 0F 00 00 00 31 32 37 2E 30 2E 30 2E 31 3A 31 37 34 30 33 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 50 25 97 3E 7B 80 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 6A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"Conexão de Banda Larga" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]
"Conexão de Banda Larga 2" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< End of report >
