Trojan.generic.6753450
vietkong93
21 Nov. 2012 at 13:27
SlyK
Edited by SlyK on 21/11/2012 at 13:29
Hello vietkong93,
I invite you to do this: AdwCleaner: Removal mode
Then: OTL: Generate a report
See you
vietkong93
21 Nov. 2012 at 13:45
Hello Slyk,
Thanks for your quick reply.
I carried out the procedure; below is the report generated by OTL.
OTL logfile created on: 21/11/2012 13:41:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kl\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
7,96 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,45% Memory free
15,91 Gb Paging File | 13,61 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 71,00 Gb Free Space | 59,54% Space Free | Partition Type: NTFS
Computer Name: YFRW7E020 | User Name: kl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - File not found --
PRC - [2012/11/21 13:41:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kl\Downloads\OTL.exe
PRC - [2012/11/01 04:29:06 | 001,011,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
PRC - [2012/11/01 04:29:06 | 000,605,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2012/10/08 20:54:50 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/06 16:47:14 | 000,062,144 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
PRC - [2012/02/06 16:47:00 | 000,189,120 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FNRB32.exe
PRC - [2012/02/06 16:47:00 | 000,131,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FIH32.exe
PRC - [2012/02/06 16:46:52 | 000,303,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSM32.EXE
PRC - [2012/02/06 16:46:52 | 000,189,120 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSMA32.EXE
PRC - [2012/02/06 16:46:52 | 000,090,816 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSHDLL32.EXE
PRC - [2012/02/06 16:46:06 | 000,488,128 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
PRC - [2012/02/06 16:46:06 | 000,221,888 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/08/28 20:22:56 | 000,077,824 | ---- | M] (France Telecom SA) -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/06 16:46:18 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\strres.eng
MOD - [2012/02/06 16:46:16 | 000,553,664 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\gres.dll
MOD - [2012/02/06 16:46:14 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\flyerres.eng
MOD - [2012/02/06 16:46:14 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\fsavures.eng
MOD - [2012/02/06 16:46:12 | 000,443,072 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\about.dll
MOD - [2012/02/06 16:46:12 | 000,090,816 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\aboutres.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2012/01/06 17:20:46 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2012/01/06 17:20:44 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2011/09/13 10:04:20 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:[b]64bit:[/b] - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008/05/08 00:29:37 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2012/10/08 20:54:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/06 16:47:14 | 000,062,144 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012/02/06 16:47:00 | 000,189,120 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\common\FNRB32.exe -- (F-Secure Network Request Broker)
SRV - [2012/02/06 16:46:52 | 000,189,120 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\common\FSMA32.EXE -- (FSMA)
SRV - [2012/02/06 16:46:32 | 000,855,232 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2012/02/06 16:46:26 | 000,517,824 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\F-Secure\Device Control\\fsdevcon64.exe -- (fsdevcon)
SRV - [2012/02/06 16:46:06 | 000,221,888 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 20:22:56 | 000,077,824 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/09/24 10:16:14 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/06/07 16:52:02 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2012/06/07 16:52:00 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:[b]64bit:[/b] - [2012/05/25 17:44:06 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012/05/25 17:44:06 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2012/04/12 17:29:44 | 000,100,728 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snxppamd.sys -- (SNXPPAMD)
DRV:[b]64bit:[/b] - [2012/04/12 17:29:44 | 000,097,144 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snxpsamd.sys -- (SNXPSAMD)
DRV:[b]64bit:[/b] - [2012/04/12 17:29:04 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012/04/12 17:29:04 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/04/12 17:29:04 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/06 16:46:32 | 000,095,136 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:[b]64bit:[/b] - [2012/02/06 16:46:28 | 000,046,848 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:[b]64bit:[/b] - [2012/01/06 17:21:14 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:48 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:48 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:48 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:48 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:48 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:48 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:[b]64bit:[/b] - [2012/01/06 17:20:46 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:26 | 000,045,672 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:22 | 000,234,112 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwdelserial.sys -- (nwdelserial)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:22 | 000,034,304 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwdelgobi3kfilter.sys -- (nwdelgobi3kfilter)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:20 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:20 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:20 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:[b]64bit:[/b] - [2011/09/13 10:04:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:[b]64bit:[/b] - [2011/07/16 05:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:[b]64bit:[/b] - [2011/06/07 16:06:44 | 000,019,968 | ---- | M] (YASKAWA ELECTRIC CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CpUSB.sys -- (CpUSB)
DRV:[b]64bit:[/b] - [2011/04/15 01:32:50 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/21 20:14:16 | 000,017,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcm.sys -- (tcm)
DRV:[b]64bit:[/b] - [2011/02/21 20:14:02 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2011/02/21 20:14:02 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010/12/20 07:08:08 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/29 23:31:22 | 000,129,536 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV:[b]64bit:[/b] - [2009/05/29 23:31:22 | 000,088,576 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV:[b]64bit:[/b] - [2009/05/29 23:31:22 | 000,010,496 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtuhsser.sys -- (GTUHSSER)
DRV:[b]64bit:[/b] - [2008/03/17 18:12:28 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2012/11/01 04:29:33 | 000,199,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/09/24 10:10:54 | 000,033,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2012/02/06 16:46:46 | 000,062,016 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012/02/06 16:46:06 | 000,042,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2012/02/06 16:46:06 | 000,027,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2012/02/06 16:46:06 | 000,015,040 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A3DA7B87-3856-4B9C-AE13-C4428BDDEB7F}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E86011FD-1461-450A-BCB3-C847A9A83A75&apn_sauid=4221B152-ACCD-4713-9CEC-5A8A27BF6365
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2012/11/21 09:23:44 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/11/21 11:16:13 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15276 more lines...
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll (Ask.com)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = motoman.se
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947955F7-5927-482D-876D-5913BC4F0760}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAB277EC-6F28-4D22-B57D-71A496DF54BD}: DhcpNameServer = 193.253.141.132 193.253.141.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFC52D7C-6F22-4E93-848C-7511E261DCC1}: DhcpNameServer = 193.253.141.133 193.253.141.132
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{821a4357-0b9f-11e2-a400-d067e5571e28}\Shell - "" = AutoRun
O33 - MountPoints2\{821a4357-0b9f-11e2-a400-d067e5571e28}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/11/21 13:39:06 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2012/11/21 13:39:06 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\SysNative\Crypserv.exe
[2012/11/21 13:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/11/21 13:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2012/11/21 13:07:41 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/11/21 12:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/11/21 12:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/11/21 12:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/11/21 12:18:04 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2012/11/21 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\QuickScan
[2012/11/21 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/11/21 12:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/11/21 11:45:46 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\Malwarebytes
[2012/11/21 11:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/21 11:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/21 11:45:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/21 11:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/21 11:19:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/21 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\MFAData
[2012/11/21 11:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/11/21 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\Avg2013
[2012/11/21 11:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/21 11:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/21 11:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/21 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MotionWorks IEC 2
[2012/11/21 10:23:20 | 000,000,000 | ---D | C] -- C:\Documents
[2012/11/21 10:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ADE
[2012/11/21 10:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ADE
[2012/11/21 10:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaskawa
[2012/11/14 09:37:18 | 000,000,000 | ---D | C] -- C:\Users\kl\Desktop\Intervention_Amada_14112012
[2012/11/07 11:05:07 | 000,000,000 | ---D | C] -- C:\Users\kl\Desktop\Otech_client
[2012/10/24 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\Apple Computer
[2012/10/24 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\Apple Computer
[2012/10/24 18:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/24 18:01:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/10/24 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/24 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\Apple
[2012/10/24 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/10/24 18:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/10/24 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/10/24 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/10/24 18:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/10/24 18:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/10/24 16:12:22 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\FreeTorrentViewer
[2012/10/24 16:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults
[2012/10/24 16:12:13 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeTorrentViewer
[2012/10/24 16:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTorrentViewer
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/11/21 13:39:10 | 000,000,073 | ---- | M] () -- C:\Windows\Crypkey.ini
[2012/11/21 13:38:11 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\MotionWorks IEC 2 Express.lnk
[2012/11/21 13:36:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/21 13:36:52 | 2113,679,359 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 13:18:44 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 13:18:44 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 13:07:43 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/21 13:07:43 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/21 13:07:43 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/21 12:53:44 | 000,002,099 | ---- | M] () -- C:\Users\kl\Desktop\HijackThis.lnk
[2012/11/21 12:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/21 12:45:20 | 001,683,898 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/21 12:45:20 | 000,752,538 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/11/21 12:45:20 | 000,659,380 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/21 12:45:20 | 000,152,140 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/11/21 12:45:20 | 000,124,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/21 12:33:25 | 000,227,187 | ---- | M] () -- C:\ProgramData\1353497573.bdinstall.bin
[2012/11/21 12:18:47 | 000,662,373 | ---- | M] () -- C:\ProgramData\1353496295.bdinstall.bin
[2012/11/21 12:18:41 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012/11/21 11:16:13 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/21 11:08:51 | 000,001,288 | ---- | M] () -- C:\Users\kl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/21 10:35:52 | 000,004,096 | ---- | M] () -- C:\Users\kl\Desktop\Otech_client.mwt
[2012/11/15 21:00:01 | 000,025,198 | ---- | M] () -- C:\Users\kl\Desktop\D.2012.11.15.CDingenierie.V1000.KL.pdf
[2012/11/14 21:35:59 | 000,609,257 | ---- | M] () -- C:\Users\kl\Desktop\TN.MCD.11.pdf
[2012/11/14 12:11:00 | 000,232,951 | ---- | M] () -- C:\Users\kl\Desktop\Axe X1_150ms.pdf
[2012/11/13 19:05:36 | 002,602,359 | ---- | M] () -- C:\Users\kl\Desktop\(Company_presentation_2012_french [Mode de compatibilité]).pdf
[2012/11/09 08:39:04 | 004,557,947 | ---- | M] () -- C:\Users\kl\Desktop\YEA-SIA-IEC-2.pdf
[2012/11/07 11:22:51 | 000,002,240 | ---- | M] () -- C:\Windows\SysNative\esnecil.ind
[2012/11/07 11:22:50 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2012/10/24 17:43:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/24 13:46:27 | 000,000,350 | ---- | M] () -- C:\Users\kl\Documents\20121024144622.dwp
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/11/21 13:39:06 | 000,028,664 | ---- | C] () -- C:\Windows\SysNative\Ckldrv.sys
[2012/11/21 13:39:06 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/11/21 13:39:06 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/11/21 13:39:06 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012/11/21 13:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\MotionWorks IEC 2 Express.lnk
[2012/11/21 13:07:43 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/21 13:07:43 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/21 13:07:43 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/21 12:53:44 | 000,002,099 | ---- | C] () -- C:\Users\kl\Desktop\HijackThis.lnk
[2012/11/21 12:33:24 | 000,227,187 | ---- | C] () -- C:\ProgramData\1353497573.bdinstall.bin
[2012/11/21 12:18:47 | 000,662,373 | ---- | C] () -- C:\ProgramData\1353496295.bdinstall.bin
[2012/11/21 12:18:41 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012/11/21 11:08:51 | 000,001,288 | ---- | C] () -- C:\Users\kl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/15 21:00:00 | 000,025,198 | ---- | C] () -- C:\Users\kl\Desktop\D.2012.11.15.CDingenierie.V1000.KL.pdf
[2012/11/14 21:35:59 | 000,609,257 | ---- | C] () -- C:\Users\kl\Desktop\TN.MCD.11.pdf
[2012/11/14 12:10:59 | 000,232,951 | ---- | C] () -- C:\Users\kl\Desktop\Axe X1_150ms.pdf
[2012/11/13 19:05:23 | 002,602,359 | ---- | C] () -- C:\Users\kl\Desktop\(Company_presentation_2012_french [Mode de compatibilité]).pdf
[2012/11/09 08:39:00 | 004,557,947 | ---- | C] () -- C:\Users\kl\Desktop\YEA-SIA-IEC-2.pdf
[2012/11/07 11:05:06 | 000,004,096 | ---- | C] () -- C:\Users\kl\Desktop\Otech_client.mwt
[2012/10/24 18:01:28 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/10/24 17:43:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/24 13:46:26 | 000,000,350 | ---- | C] () -- C:\Users\kl\Documents\20121024144622.dwp
[2012/10/08 09:43:19 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012/10/01 13:59:30 | 000,000,073 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/10/01 13:55:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Tvl20ita.dll
[2012/10/01 13:55:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Tvl20frn.dll
[2012/10/01 13:55:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Tvl20esp.dll
[2012/10/01 13:55:11 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Tvl20ger.dll
[2012/10/01 13:55:11 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Tvl20eng.dll
[2012/09/24 14:21:56 | 000,013,782 | RHS- | C] () -- C:\Users\kl\ntuser.pol
[2012/09/24 10:10:54 | 000,033,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012/04/16 09:22:19 | 000,024,022 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/07 12:43:59 | 001,695,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 12:21:27 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
DRV - [2012/11/01 04:29:33 | 000,199,736 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/09/24 10:10:54 | 000,033,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2012/02/06 16:46:46 | 000,062,016 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012/02/06 16:46:06 | 000,042,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2012/02/06 16:46:06 | 000,027,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2012/02/06 16:46:06 | 000,015,040 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A3DA7B87-3856-4B9C-AE13-C4428BDDEB7F}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E86011FD-1461-450A-BCB3-C847A9A83A75&apn_sauid=4221B152-ACCD-4713-9CEC-5A8A27BF6365
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2012/11/21 09:23:44 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2012/11/21 11:16:13 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15276 more lines...
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll (Ask.com)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {fa63398e-322b-4833-9af3-15837ad12138} - C:\Program Files (x86)\searchresults\searchresultsDx.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = motoman.se
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947955F7-5927-482D-876D-5913BC4F0760}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAB277EC-6F28-4D22-B57D-71A496DF54BD}: DhcpNameServer = 193.253.141.132 193.253.141.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFC52D7C-6F22-4E93-848C-7511E261DCC1}: DhcpNameServer = 193.253.141.133 193.253.141.132
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{821a4357-0b9f-11e2-a400-d067e5571e28}\Shell - "" = AutoRun
O33 - MountPoints2\{821a4357-0b9f-11e2-a400-d067e5571e28}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/11/21 13:39:06 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2012/11/21 13:39:06 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\SysNative\Crypserv.exe
[2012/11/21 13:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/11/21 13:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2012/11/21 13:07:41 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/11/21 12:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/11/21 12:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/11/21 12:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/11/21 12:18:04 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2012/11/21 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\QuickScan
[2012/11/21 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/11/21 12:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/11/21 11:45:46 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\Malwarebytes
[2012/11/21 11:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/21 11:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/21 11:45:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/21 11:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/21 11:19:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/21 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\MFAData
[2012/11/21 11:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/11/21 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\Avg2013
[2012/11/21 11:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/21 11:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/21 11:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/21 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MotionWorks IEC 2
[2012/11/21 10:23:20 | 000,000,000 | ---D | C] -- C:\Documents
[2012/11/21 10:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ADE
[2012/11/21 10:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ADE
[2012/11/21 10:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaskawa
[2012/11/14 09:37:18 | 000,000,000 | ---D | C] -- C:\Users\kl\Desktop\Intervention_Amada_14112012
[2012/11/07 11:05:07 | 000,000,000 | ---D | C] -- C:\Users\kl\Desktop\Otech_client
[2012/10/24 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\Apple Computer
[2012/10/24 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\Apple Computer
[2012/10/24 18:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/24 18:01:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/10/24 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/10/24 18:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/24 18:01:28 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Local\Apple
[2012/10/24 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/10/24 18:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/10/24 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/10/24 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/10/24 18:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/10/24 18:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/10/24 16:12:22 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\FreeTorrentViewer
[2012/10/24 16:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchresults
[2012/10/24 16:12:13 | 000,000,000 | ---D | C] -- C:\Users\kl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeTorrentViewer
[2012/10/24 16:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTorrentViewer
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/11/21 13:39:10 | 000,000,073 | ---- | M] () -- C:\Windows\Crypkey.ini
[2012/11/21 13:38:11 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\MotionWorks IEC 2 Express.lnk
[2012/11/21 13:36:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/21 13:36:52 | 2113,679,359 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 13:18:44 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 13:18:44 | 000,024,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 13:07:43 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/21 13:07:43 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/21 13:07:43 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/21 12:53:44 | 000,002,099 | ---- | M] () -- C:\Users\kl\Desktop\HijackThis.lnk
[2012/11/21 12:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/21 12:45:20 | 001,683,898 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/21 12:45:20 | 000,752,538 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/11/21 12:45:20 | 000,659,380 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/21 12:45:20 | 000,152,140 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/11/21 12:45:20 | 000,124,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/21 12:33:25 | 000,227,187 | ---- | M] () -- C:\ProgramData\1353497573.bdinstall.bin
[2012/11/21 12:18:47 | 000,662,373 | ---- | M] () -- C:\ProgramData\1353496295.bdinstall.bin
[2012/11/21 12:18:41 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012/11/21 11:16:13 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/21 11:08:51 | 000,001,288 | ---- | M] () -- C:\Users\kl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/21 10:35:52 | 000,004,096 | ---- | M] () -- C:\Users\kl\Desktop\Otech_client.mwt
[2012/11/15 21:00:01 | 000,025,198 | ---- | M] () -- C:\Users\kl\Desktop\D.2012.11.15.CDingenierie.V1000.KL.pdf
[2012/11/14 21:35:59 | 000,609,257 | ---- | M] () -- C:\Users\kl\Desktop\TN.MCD.11.pdf
[2012/11/14 12:11:00 | 000,232,951 | ---- | M] () -- C:\Users\kl\Desktop\Axe X1_150ms.pdf
[2012/11/13 19:05:36 | 002,602,359 | ---- | M] () -- C:\Users\kl\Desktop\(Company_presentation_2012_french [Mode de compatibilité]).pdf
[2012/11/09 08:39:04 | 004,557,947 | ---- | M] () -- C:\Users\kl\Desktop\YEA-SIA-IEC-2.pdf
[2012/11/07 11:22:51 | 000,002,240 | ---- | M] () -- C:\Windows\SysNative\esnecil.ind
[2012/11/07 11:22:50 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2012/10/24 17:43:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/24 13:46:27 | 000,000,350 | ---- | M] () -- C:\Users\kl\Documents\20121024144622.dwp
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/11/21 13:39:06 | 000,028,664 | ---- | C] () -- C:\Windows\SysNative\Ckldrv.sys
[2012/11/21 13:39:06 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/11/21 13:39:06 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/11/21 13:39:06 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012/11/21 13:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\MotionWorks IEC 2 Express.lnk
[2012/11/21 13:07:43 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2012/11/21 13:07:43 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2012/11/21 13:07:43 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/11/21 12:53:44 | 000,002,099 | ---- | C] () -- C:\Users\kl\Desktop\HijackThis.lnk
[2012/11/21 12:33:24 | 000,227,187 | ---- | C] () -- C:\ProgramData\1353497573.bdinstall.bin
[2012/11/21 12:18:47 | 000,662,373 | ---- | C] () -- C:\ProgramData\1353496295.bdinstall.bin
[2012/11/21 12:18:41 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012/11/21 11:08:51 | 000,001,288 | ---- | C] () -- C:\Users\kl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/15 21:00:00 | 000,025,198 | ---- | C] () -- C:\Users\kl\Desktop\D.2012.11.15.CDingenierie.V1000.KL.pdf
[2012/11/14 21:35:59 | 000,609,257 | ---- | C] () -- C:\Users\kl\Desktop\TN.MCD.11.pdf
[2012/11/14 12:10:59 | 000,232,951 | ---- | C] () -- C:\Users\kl\Desktop\Axe X1_150ms.pdf
[2012/11/13 19:05:23 | 002,602,359 | ---- | C] () -- C:\Users\kl\Desktop\(Company_presentation_2012_french [Mode de compatibilité]).pdf
[2012/11/09 08:39:00 | 004,557,947 | ---- | C] () -- C:\Users\kl\Desktop\YEA-SIA-IEC-2.pdf
[2012/11/07 11:05:06 | 000,004,096 | ---- | C] () -- C:\Users\kl\Desktop\Otech_client.mwt
[2012/10/24 18:01:28 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/10/24 17:43:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/24 13:46:26 | 000,000,350 | ---- | C] () -- C:\Users\kl\Documents\20121024144622.dwp
[2012/10/08 09:43:19 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012/10/01 13:59:30 | 000,000,073 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/10/01 13:55:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Tvl20ita.dll
[2012/10/01 13:55:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Tvl20frn.dll
[2012/10/01 13:55:11 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Tvl20esp.dll
[2012/10/01 13:55:11 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Tvl20ger.dll
[2012/10/01 13:55:11 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Tvl20eng.dll
[2012/09/24 14:21:56 | 000,013,782 | RHS- | C] () -- C:\Users\kl\ntuser.pol
[2012/09/24 10:10:54 | 000,033,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012/04/16 09:22:19 | 000,024,022 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/02/07 12:43:59 | 001,695,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 12:21:27 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
SlyK
21 Nov. 2012 at 14:20
Hi again!
You forgot to run the AdwCleaner procedure, and one OTL report is missing (extrat.txt).
PS: Don't forget to host the reports instead of copying and pasting them, as indicated in the procedure.
See you!
vietkong93
21 Nov. 2012 at 15:15
Hi again!
Here is the AdwCleaner report: https://www.cjoint.com/?BKvpnLkuYn7
However, I only get one OTL report, I don't have the extrat...
Here is the OTL report: https://www.cjoint.com/?BKvpoZ2GQy1
Thanks!
SlyK
21 Nov. 2012 at 21:05
Hi again!
Could I get this report?
- AdwCleaner[S1].txt
"However, I only get one OTL report, I don't have the extrat..." Did you check on the desktop?
See you!
vietkong93
23 Nov. 2012 at 09:13
Hello,
I can't get my hands on the S1.
Attached is the extrat file: https://www.cjoint.com/?BKxjnaVJXRs
Thanks for your help!
vietkong93
23 Nov. 2012 at 13:15
Hi again!
I found the S1... See below!
https://www.cjoint.com/?BKxnoSLG4pf
Thanks