Sujet Précédent Sujet Suivant

Trojan agent KB KILL?

Résolu/Fermé
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013 - 28 avril 2013 à 17:34
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 29 avril 2013 à 14:37
Bonjour,

Jai tente un scan avec Hijackthis contre le trojan kb qui s'est bizarrement arrete net, voila malgre tout la copie du scan.
Malwarebytes a repere le trojan agent kb qui evidemment se defend bien mais je suis sur quon peut malgre tout le detruire, qui a une idee?
Je suis sur Paname une biere pour celui qui peut maider a le detruire definitivement et peut etre maider a comprendre comment jai pu le laisser sinstaller sur ma machine.

Bonnes vances pour les chanceux qui partent et bon courage pour tt le monde!

Thx & bye







Copie de HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:05:05, on 28/04/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Running processes:
C:\Users\Kristian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Kristian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Users\Kristian\AppData\Roaming\Irmmleecytjzxarb.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Users\Kristian\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Kristian\AppData\Local\Temp\pubrnzsostyzxsq.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Users\Kristian\AppData\Local\Temp\pubrnzsostyzxsq.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Kristian\AppData\Local\Temp\Temp1_hijackthis_199 (1).zip\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kristian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Kristian\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Irmmleecytjzxarb.exe] "C:\Users\Kristian\AppData\Roaming\Irmmleecytjzxarb.exe"
O4 - Startup: Dropbox.lnk = Kristian\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: *.dell.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://downloads.dell.com/systemprofiler/SysProExe.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe" Start=service (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.0.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
A voir également:

17 réponses

Réponse 1 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
28 avril 2013 à 17:49
Salut,

Désinstalle Spybot, il est dépassé.


Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Clique sur le bouton Analyse.

* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans un nouveau message.
Je répète : donne le lien du rapport pjjoint ici dans un nouveau message.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE

1
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
28 avril 2013 à 18:16
Merci de ton aide
Je lance OTL
0
Réponse 2 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
28 avril 2013 à 20:31
Voici le lien OTL:
https://pjjoint.malekal.com/files.php?id=OTL_20130428_j9g7g15k5e12

Quene penses-tu?
0
Réponse 3 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
28 avril 2013 à 20:37
Relance OTL.
o sous Persfonnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:

:OTL
[2013/04/27 18:27:03 | 000,103,018 | ---- | M] () -- C:\Users\Kristian\Documents\cc_20130427_182656.reg
[2013/04/26 14:58:57 | 001,159,529 | ---- | M] (Apple Inc.) -- C:\Users\Kristian\AppData\Roaming\13DF.exe
[2013/04/25 20:18:14 | 000,221,184 | ---- | M] (The Pidgin developer community) -- C:\Users\Kristian\AppData\Roaming\427B.exe
[2013/04/25 15:39:20 | 001,172,699 | RHS- | M] (Piriform Ltd) -- C:\Users\Kristian\AppData\Roaming\A631.exe
[2013/04/25 12:27:54 | 000,023,329 | ---- | M] () -- C:\Users\Kristian\Documents\A130424035 (1).pdf
[2013/04/25 08:57:44 | 001,161,459 | ---- | M] (The Pidgin developer community) -- C:\Users\Kristian\AppData\Roaming\A376.exe
[2013/04/25 07:58:46 | 001,161,459 | ---- | M] (The Pidgin developer community) -- C:\Users\Kristian\AppData\Roaming\A7E6.exe
[2013/04/25 07:17:42 | 001,161,459 | ---- | M] (The Pidgin developer community) -- C:\Users\Kristian\AppData\Roaming\C8D.exe
[2013/04/24 19:47:25 | 001,161,459 | ---- | M] (The Pidgin developer community) -- C:\Users\Kristian\AppData\Roaming\Irmmleecytjzxarb.exe
[2013/04/24 18:48:21 | 000,000,094 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\65B5.exe
[2013/04/24 17:37:36 | 000,000,094 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\3C18.exe
[2013/04/24 17:25:58 | 000,000,094 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\93F6.exe
[2013/04/23 15:07:40 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\F008.exe
[2013/04/23 14:57:21 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\8F5.exe
[2013/04/23 12:54:17 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\2B05.exe
[2013/04/23 12:19:13 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\B65.exe
[2013/04/23 10:24:50 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\4ECA.exe
[2013/04/23 10:02:01 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\71D5.exe
[2013/04/23 08:46:02 | 000,014,974 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\6F84.exe


* redemarre le pc sous windows et poste le rapport ici


~~

Zip le dossier C:\_OTL
Ouvre Mon Ordinateur / Poste de travail => Disque C
Clic droit / Envoyer vers dossier compressé.
Cela va créer un fichier C:\_OTL.zip
Envoie ce fichier _OTL.zip sur http://upload.malekal.com


~~

Tu as Spybot qui sert à rien. Dépassé et inefficace.
Ad-Aware Antivirus bof.
AVG Search machin qui sert à rien.
Et Malwarebyte.

Tu devrais désinstaller Ad-Aware Antivirus et installer un antivirus, au moins un gratuit genre Avast!.

0
Réponse 4 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
28 avril 2013 à 22:04
Rapport OTL 2:
========== OTL ==========
C:\Users\Kristian\My Documents\cc_20130427_182656.reg moved successfully.
C:\Users\Kristian\AppData\Roaming\13DF.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\427B.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\A631.exe moved successfully.
C:\Users\Kristian\My Documents\A130424035 (1).pdf moved successfully.
C:\Users\Kristian\AppData\Roaming\A376.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\A7E6.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\C8D.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\Irmmleecytjzxarb.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\65B5.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\3C18.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\93F6.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\F008.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\8F5.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\2B05.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\B65.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\4ECA.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\71D5.exe moved successfully.
C:\Users\Kristian\AppData\Roaming\6F84.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04282013_215249
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
28 avril 2013 à 22:07
Jai desinstalle:
Spybot
Ad-Aware Antivirus
AVG Search

Jai installe:
Avast

Il me semble que Malwarebyte nest pas completement nul?
0
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
28 avril 2013 à 22:08
yep Malwarebyte est bien, garde le.

Zip le dossier C:\_OTL
Ouvre Mon Ordinateur / Poste de travail => Disque C
Clic droit / Envoyer vers dossier compressé.
Cela va créer un fichier C:\_OTL.zip
Envoie ce fichier _OTL.zip sur http://upload.malekal.com
0
Réponse 6 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
28 avril 2013 à 22:13
fichier _OTL.zip envoye sur http://upload.malekal.com
0
Réponse 7 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
28 avril 2013 à 22:22
Je me deconnecte
Merci mille fois de ton expertise
@+
KK
0
Réponse 8 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
28 avril 2013 à 22:29
OK tu referas un scan OTL, quand tu pourras, histoire de voir s'il reste des trucs.
0
Réponse 9 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
29 avril 2013 à 11:06
Thx
Jai refait un sacn final mais pas certain de comprebdre si je suis tjrs infecte?

Copie scan OTL:

OTL logfile created on: 29/04/2013 10:51:16 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 0,68 Gb Available Physical Memory | 36,21% Memory free
3,73 Gb Paging File | 2,19 Gb Available in Paging File | 58,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 278,46 Gb Total Space | 115,90 Gb Free Space | 41,62% Space Free | Partition Type: NTFS

Computer Name: KRISTIAN-PC | User Name: Kristian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/28 21:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristian\Downloads\OTL (1).exe
PRC - [2013/04/14 11:50:02 | 001,219,248 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/04/14 11:50:02 | 000,990,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/03/28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/03/20 08:08:36 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kristian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kristian\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011/01/13 01:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/13 01:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/07/02 13:10:28 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/07/02 13:10:24 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/04/14 11:50:02 | 001,219,248 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/04/14 11:50:02 | 000,157,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\SiteSafety.dll
MOD - [2013/02/14 15:50:05 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/14 13:12:07 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013/01/12 22:34:31 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013/01/12 22:34:31 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013/01/12 21:53:57 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 21:53:16 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/12 21:53:01 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/12 21:52:55 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/12 21:52:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/12 21:52:49 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/12 21:52:40 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/12 18:58:07 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f62409df88e3dde635df0808c7177097\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 18:56:17 | 001,812,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013/01/12 17:19:15 | 018,022,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll
MOD - [2013/01/12 17:18:57 | 011,522,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll
MOD - [2013/01/12 17:18:44 | 003,883,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll
MOD - [2013/01/12 17:18:25 | 007,070,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll
MOD - [2013/01/12 17:18:22 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013/01/12 17:18:18 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll
MOD - [2013/01/12 17:18:16 | 009,095,168 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013/01/12 17:18:10 | 014,417,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2012/11/29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/25 05:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2011/05/27 21:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2011/01/13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/03/03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/14 11:50:02 | 000,990,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/12 22:34:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/18 22:54:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/08 15:42:27 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/02/16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/13 01:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/07/02 13:10:28 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/02 13:10:24 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/04/14 11:50:02 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013/03/07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2013/02/22 09:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2013/02/22 09:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2013/02/21 21:20:30 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:[b]64bit:[/b] - [2013/02/11 12:28:41 | 000,038,456 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiark.sys -- (gfiark)
DRV:[b]64bit:[/b] - [2012/10/19 19:11:06 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:[b]64bit:[/b] - [2012/08/24 15:41:30 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:[b]64bit:[/b] - [2012/08/24 15:41:16 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:[b]64bit:[/b] - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/08/19 00:40:08 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2011/08/19 00:39:52 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2011/08/19 00:39:52 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2011/08/19 00:39:50 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:[b]64bit:[/b] - [2011/08/19 00:39:50 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2011/08/19 00:39:50 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2011/05/27 21:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2011/05/17 08:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/04/01 05:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2011/03/26 04:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/01/20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:[b]64bit:[/b] - [2011/01/15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2011/01/13 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/10/30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/10/15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2009/09/18 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:[b]64bit:[/b] - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.bing.com/spresults.aspx
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=C1B8D640AE3EE418807F325126755328&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bba14329e-9550-4989-b3f2-9732e92d17cc%7D:10.14.40.128
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/webhp?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&gws_rd=ssl"
FF - prefs.js..browser.startup.homepage: "fbdirecto.net/1/"
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kristian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kristian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kristian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kristian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kristian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/03/19 10:48:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/10/24 10:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\Mozilla\Extensions
[2013/01/20 20:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\Mozilla\Firefox\Profiles\ohrpqcoh.default\extensions
[2013/01/12 17:28:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kristian\AppData\Roaming\Mozilla\Firefox\Profiles\ohrpqcoh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/01/20 20:53:24 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Kristian\AppData\Roaming\Mozilla\Firefox\Profiles\ohrpqcoh.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2013/01/12 17:29:38 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Kristian\AppData\Roaming\Mozilla\Firefox\Profiles\ohrpqcoh.default\extensions\firefox@ghostery.com
[2013/01/12 17:34:12 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Kristian\AppData\Roaming\Mozilla\Firefox\Profiles\ohrpqcoh.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kristian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Irmmleecytjzxarb.exe] "C:\Users\Kristian\AppData\Roaming\Irmmleecytjzxarb.exe" File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kristian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:[b]64bit:[/b] - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://downloads.dell.com/systemprofiler/SysProExe.cab (WMI Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3FF5078-C8FF-464D-A7DD-FEF3597CAC46}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7A9807C-45F7-4CB8-BBE6-629A49F5AA1E}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf24dbef-1d95-11e2-9443-24b6fd3b2ca1}\Shell - "" = AutoRun
O33 - MountPoints2\{cf24dbef-1d95-11e2-9443-24b6fd3b2ca1}\Shell\AutoRun\command - "" = F:\SETUP.EXE /adminfile IU.MSP
O33 - MountPoints2\{cf24dbef-1d95-11e2-9443-24b6fd3b2ca1}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{cf24dbef-1d95-11e2-9443-24b6fd3b2ca1}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{ece5b531-872c-11e2-94fc-24b6fd3b2ca1}\Shell - "" = AutoRun
O33 - MountPoints2\{ece5b531-872c-11e2-94fc-24b6fd3b2ca1}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/28 21:52:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/28 21:32:27 | 000,377,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/04/28 21:32:27 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/04/28 21:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/04/28 21:32:26 | 000,070,992 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/04/28 21:32:25 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/04/28 21:32:25 | 000,068,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/04/28 21:32:19 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/04/28 21:31:46 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/04/28 10:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/28 10:45:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/04/28 10:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/27 19:30:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2013/04/27 19:26:45 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/04/27 19:26:45 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/04/27 19:26:45 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/04/27 19:26:45 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/04/27 19:26:45 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/27 19:26:45 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/04/27 19:26:45 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/04/27 19:26:45 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/04/27 19:26:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/04/27 19:26:45 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/04/27 19:26:45 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/04/27 19:26:45 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/04/27 19:26:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/27 19:26:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/04/27 19:26:45 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/04/27 19:26:45 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/27 19:26:45 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/27 19:26:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/04/27 19:26:45 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/04/27 19:26:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/04/27 19:26:45 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/04/27 19:26:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/04/27 19:26:45 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/04/27 19:26:45 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/04/27 19:26:45 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/04/27 19:26:45 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/04/27 19:26:45 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/04/27 19:26:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/04/27 19:26:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/04/27 19:26:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/04/27 19:26:45 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/04/27 19:26:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/04/27 19:26:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/27 19:26:45 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/04/27 19:26:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/27 19:26:45 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/04/27 19:26:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/04/27 19:26:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/04/27 19:26:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/04/27 19:26:45 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/04/27 19:26:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/04/27 19:26:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/04/27 19:26:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/04/27 19:26:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/04/27 19:26:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/04/27 19:26:45 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/04/27 19:26:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/04/27 19:26:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/04/27 19:26:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/04/27 19:26:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/04/27 19:26:44 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/04/27 19:26:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/04/27 19:26:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/04/27 19:26:44 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/04/27 19:26:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/04/27 19:26:44 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/04/27 19:26:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/04/27 19:26:44 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/04/27 19:26:44 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/04/27 19:26:44 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/04/27 19:26:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/04/27 19:26:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/04/27 19:26:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/04/27 19:26:44 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/04/27 19:26:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/04/27 19:26:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/04/27 19:26:44 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/04/27 19:26:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/04/26 17:34:17 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Desktop\My Europ
[2013/04/23 20:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/04/20 14:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lara Croft and the Guardian of Light
[2013/04/20 14:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lara Croft and the Guardian of Light
[2013/04/20 14:31:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lara Croft and the Guardian of Light
[2013/04/14 11:59:40 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrclr40.dll
[2013/04/14 11:59:39 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrecr40.dll
[2013/04/14 11:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Micro Application Shared
[2013/04/14 11:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Micro Application
[2013/04/14 11:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micro Application
[2013/04/14 11:52:34 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\Add-in Express
[2013/04/14 11:50:38 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\AVG Secure Search
[2013/04/14 11:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/04/14 11:50:20 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/04/14 11:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/04/14 11:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/04/11 20:40:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/04/11 20:31:03 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
[2013/04/11 20:31:03 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
[2013/04/11 20:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013/04/11 20:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013/04/10 08:52:56 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2013/04/10 08:52:56 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2013/04/10 08:52:55 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aaclient.dll
[2013/04/10 08:52:55 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aaclient.dll
[2013/04/10 08:52:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll
[2013/04/10 08:52:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll
[2013/04/10 08:52:46 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/04/10 08:52:46 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/04/10 08:52:45 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/04/10 08:52:45 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013/04/10 08:52:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013/04/10 08:52:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013/04/04 07:15:45 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\kk
[5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\Kristian\Desktop\*.tmp files -> C:\Users\Kristian\Desktop\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/04/29 10:36:05 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/29 10:34:03 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 10:34:03 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 10:27:50 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 10:26:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/29 09:10:36 | 1502,629,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/29 08:26:05 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3715364137-2451337545-1944498204-1001UA.job
[2013/04/29 08:25:14 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/28 21:32:28 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/28 21:32:19 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/04/28 20:30:34 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/28 20:30:34 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/28 20:30:34 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/28 18:14:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/04/28 14:59:54 | 001,632,241 | ---- | M] () -- C:\Users\Kristian\Desktop\Attachments_2013428.zip
[2013/04/28 14:26:11 | 000,001,038 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3715364137-2451337545-1944498204-1001Core.job
[2013/04/28 10:45:55 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/28 10:26:47 | 000,001,419 | ---- | M] () -- C:\Users\Kristian\Desktop\Internet Explorer.lnk
[2013/04/27 19:26:45 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/04/27 19:26:45 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/04/27 19:26:45 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/04/27 19:26:45 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/04/27 19:26:45 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/27 19:26:45 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/04/27 19:26:45 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/04/27 19:26:45 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/04/27 19:26:45 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/04/27 19:26:45 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/04/27 19:26:45 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/04/27 19:26:45 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/04/27 19:26:45 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/04/27 19:26:45 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/04/27 19:26:45 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/04/27 19:26:45 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/04/27 19:26:45 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/04/27 19:26:45 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/04/27 19:26:45 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/04/27 19:26:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/04/27 19:26:45 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/04/27 19:26:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/04/27 19:26:45 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/04/27 19:26:45 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/04/27 19:26:45 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/04/27 19:26:45 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/04/27 19:26:45 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/04/27 19:26:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/04/27 19:26:45 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/04/27 19:26:45 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/04/27 19:26:45 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/04/27 19:26:45 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/04/27 19:26:45 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/04/27 19:26:45 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/04/27 19:26:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/27 19:26:45 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/04/27 19:26:45 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/04/27 19:26:45 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/04/27 19:26:45 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/04/27 19:26:45 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/04/27 19:26:45 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/04/27 19:26:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/04/27 19:26:45 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/04/27 19:26:45 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/04/27 19:26:45 | 000,027,648 | ---- | M
0
Réponse 10 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
29 avril 2013 à 11:08
rapport incomplet, utilise pjjoint.
0
Réponse 11 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
29 avril 2013 à 11:58
rapport envoye sur:
https://upload.malekal.com/upload.php
0
Réponse 12 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
29 avril 2013 à 11:58
non tu as renvoyé le dossier OTL en zip.

Faire le scan avec pjjoint comme la première fois => https://forums.commentcamarche.net/forum/affich-27693393-trojan-agent-kb-kill#1
0
Réponse 13 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
29 avril 2013 à 12:31
Sorry!

Voici le lien:
https://pjjoint.malekal.com/files.php?id=OTL_20130429_h12y6z11f5n11
0
Réponse 14 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
29 avril 2013 à 12:57
Relance OTL.
o sous Persfonnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:

:OTL
O4 - HKCU..\Run: [Irmmleecytjzxarb.exe] C:\Users\Kristian\AppData\Roaming\Irmmleecytjzxarb.exe File not found
[2013/04/22 22:21:21 | 000,000,175 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\757F.exe

* redemarre le pc sous windows et poste le rapport ici



Désinstalle AVG Search - sert à rien.
0
Réponse 15 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
29 avril 2013 à 14:11
Rapport OTL:
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Irmmleecytjzxarb.exe deleted successfully.
C:\Users\Kristian\AppData\Roaming\757F.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04292013_132625
0
Réponse 16 / 17
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
Modifié par Malekal_morte- le 29/04/2013 à 14:13
Voila je pense que c'est bon.
Cette infection va par Skype, via des liens qui se te font croire que ce sont des images.
Dans ce style là : https://www.malekal.com/fichiers/spywares/msnGayZ.png

Change tes mots de passe WEB (Mail, Facebook etc).

Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
Réponse 17 / 17
KK75009 Messages postés 12 Date d'inscription dimanche 28 avril 2013 Statut Membre Dernière intervention 29 avril 2013
29 avril 2013 à 14:34
Merci mille fois
Je tenvoie une biere par coursier :)
Jai recu effectivement ce genre de message sur Skype

Merci encore

Excellente journee
K
0
Malekal_morte- Messages postés 180230 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
29 avril 2013 à 14:37
bonne journée à toi aussi :)
0

Discussions similaires

QuickShare c'est quoi ce truc
edelweiss2604 -
edelweiss2604 -

41 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Boucle sur la première diapositive d'une présentation
ND83 -
ndubau -

3 réponses
Market feedback agent s'est arrêté. Toutes mes messageries sont bloquées ainsi t
Val -
Sourisverte2 -

1 réponse
Différence entre Ko et Kb
quo-vadis -
ecormier -

8 réponses