
HijackThis Log: Please help Diagnose


  • This topic is locked
27 replies to this topic

#1 davio6251

davio6251

  • Members
  • 15 posts

Posted 22 March 2014 - 05:27 AM

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:39:13, on 22/03/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v10.0 (10.00.9200.16843)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Utilisateur51\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=721312B7C3B4EEBF&affID=121442&tsp=5027

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll

O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll

O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll

O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"

O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-312 313 315 Series"

O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-312 313 315 Series"

O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"

O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112"

O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\System32\AUInstallAgent.dll,-101 (AllUserInstallAgent) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Dedicarz Service - Unknown owner - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (Eaphost) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\windows\system32\EscSvc64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Orange update Core Service - Unknown owner - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe

O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\windows\system32\svchost.exe

O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--

End of file - 28080 bytes


Edited by hamluis, 22 March 2014 - 07:42 AM.
Moved from AII to MRL - Hamluis.



#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 22 March 2014 - 12:53 PM


Hello davio6251,

my name is Jo and I will help you with your computer problems.


What is your problem?

Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 davio6251

davio6251
  • Topic Starter

  • Members
  • 15 posts

Posted 24 March 2014 - 05:54 AM

Hi Jo,
the problem is that when I turn on HotspotShield I have an Internet Explorer window that opens only continuously,
and I would keep it free and easy VPN.

 

 Results of screen317's Security Check version 0.99.81  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Ad-Aware Antivirus   
Windows Defender     
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.1.5354.0\AdAwareTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#4 davio6251


Posted 24 March 2014 - 06:32 AM

OTL logfile created on: 24/03/2014 12:08:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Utilisateur51\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,89 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 44,65% Memory free
7,89 Gb Paging File | 6,46 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,74 Gb Total Space | 754,89 Gb Free Space | 83,35% Space Free | Partition Type: NTFS
 
Computer Name: UTILISATEUR | User Name: Utilisateur51 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/24 11:54:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utilisateur51\Downloads\OTL.exe
PRC - [2014/03/24 11:41:36 | 000,987,448 | ---- | M] () -- C:\Users\Utilisateur51\Desktop\SecurityCheck.exe
PRC - [2013/12/18 19:23:04 | 000,920,872 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/12/18 19:21:30 | 001,802,024 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/12/18 19:17:48 | 000,555,304 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/12/18 19:15:44 | 000,343,848 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/12 15:40:04 | 013,494,592 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe
PRC - [2013/12/12 15:40:02 | 000,149,824 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
PRC - [2013/10/17 08:38:52 | 001,970,544 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
PRC - [2013/09/27 19:46:26 | 000,559,696 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/09/18 09:48:58 | 002,791,544 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/09/05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/09/05 08:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/09/05 08:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/08/22 01:21:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/15 12:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/08/10 09:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/08/06 11:17:44 | 001,313,384 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe
PRC - [2012/07/17 09:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 09:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 09:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/24 11:41:36 | 000,987,448 | ---- | M] () -- C:\Users\Utilisateur51\Desktop\SecurityCheck.exe
MOD - [2014/01/17 12:32:46 | 004,791,656 | ---- | M] () -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013/12/18 19:11:08 | 000,908,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/12/12 15:39:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\Tools.dll
MOD - [2013/12/12 15:39:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\jetrt\baseline720.dll
MOD - [2013/12/12 15:39:40 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetworkAPI.dll
MOD - [2013/12/12 15:39:40 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\zip.dll
MOD - [2013/12/12 15:39:40 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetWPSAPI.dll
MOD - [2013/12/12 15:39:38 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\java.dll
MOD - [2013/12/12 15:39:38 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\jetvm\jvm.dll
MOD - [2012/09/05 08:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/09/05 08:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/09/05 08:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/09/05 08:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/09/05 08:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/07/26 04:19:14 | 000,364,544 | ---- | M] () -- C:\windows\SysWOW64\msjetoledb40.dll
MOD - [2012/06/08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 03:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/04 07:50:54 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uTVMUIEngine.dll
MOD - [2007/04/19 01:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uPiApi.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 04:16:08 | 002,169,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/10/25 08:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/05/17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2012/04/20 06:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/03/11 18:49:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 09:39:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/21 15:54:18 | 000,699,912 | ---- | M] (Orange SA) [Auto | Stopped] -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
SRV - [2013/12/18 19:23:04 | 000,920,872 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/12/18 19:17:48 | 000,555,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/17 22:16:04 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/10/17 08:38:52 | 001,970,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe -- (Dedicarz Service)
SRV - [2012/09/20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/08/22 01:21:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/11 02:47:32 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/10 10:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/10 09:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 09:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 09:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 09:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/12/17 22:11:50 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/10/25 08:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/24 23:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/16 02:44:40 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\windows\SysNative\Drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/07/17 17:10:52 | 000,138,232 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/07/17 17:09:40 | 000,107,080 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013/07/17 17:09:40 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/25 19:02:40 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/11 02:47:23 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/11 02:47:15 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/08/10 10:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 10:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 10:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 10:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 10:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 10:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 10:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 10:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/31 13:23:06 | 000,778,240 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\dvb7700all.sys -- (DVB7700ALL)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 00:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/07/02 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 02:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/12 13:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/02/11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\Drivers\npf.sys -- (npf)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5B52640F-0735-4913-8491-D5249CF6BBC0}
IE:64bit: - HKLM\..\SearchScopes\{5B52640F-0735-4913-8491-D5249CF6BBC0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5B52640F-0735-4913-8491-D5249CF6BBC0}
IE - HKLM\..\SearchScopes\{5B52640F-0735-4913-8491-D5249CF6BBC0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=721312B7C3B4EEBF&affID=121442&tsp=5027
IE - HKCU\..\SearchScopes,DefaultScope = {5B52640F-0735-4913-8491-D5249CF6BBC0}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=721312B7C3B4EEBF&affID=121442&tsp=5027
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/ProgramData/Hotspot Shield/config/hsspx/proxy.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: e-webprint%40epson.com:1.19.00
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/02/26 18:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/05 16:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\Extensions
[2014/03/21 19:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\Firefox\Profiles\4273htib.default\extensions
[2013/12/19 20:24:59 | 000,000,000 | ---D | M] (uTorrentBar_FR) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\Firefox\Profiles\4273htib.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2014/03/20 16:42:02 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\Firefox\Profiles\4273htib.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2014/03/09 10:03:49 | 000,013,447 | ---- | M] () (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\extensions\ipbleep@p4ul.info.xpi
[2014/02/26 19:05:39 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/15 09:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 09:39:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 09:38:36 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
 
O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-312 313 315 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-312 313 315 Series" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{140ED540-5028-4C69-A952-FBD2AF60BC03}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C43B350-5AF5-40C9-A269-662E8D1AC349}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/24 11:31:38 | 000,000,000 | R--D | C] -- C:\Users\Utilisateur51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/03/23 10:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2014/03/23 10:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/22 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\Documents\ProcAlyzer Dumps
[2014/03/22 09:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/03/22 09:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/03/20 17:57:10 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\AppData\Roaming\LavasoftStatistics
[2014/03/20 17:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2014/03/20 16:50:47 | 002,084,072 | ---- | C] (Bitdefender) -- C:\windows\SysNative\bdnc.dll
[2014/03/20 16:50:44 | 001,061,776 | ---- | C] (BitDefender S.R.L.) -- C:\windows\SysNative\bdsmtpp.dll
[2014/03/20 16:50:44 | 000,209,984 | ---- | C] (BitDefender) -- C:\windows\SysNative\BdFirewallSDK.dll
[2014/03/20 16:50:44 | 000,195,016 | ---- | C] (BitDefender) -- C:\windows\SysNative\httproxy.dll
[2014/03/20 16:50:44 | 000,155,912 | ---- | C] (BitDefender S.R.L.) -- C:\windows\SysNative\bdpop3p.dll
[2014/03/20 16:50:44 | 000,122,928 | ---- | C] (BitDefender) -- C:\windows\SysNative\OEMbdpredir.dll
[2014/03/20 16:50:44 | 000,096,160 | ---- | C] (BitDefender) -- C:\windows\SysNative\bdpredir.dll
[2014/03/20 16:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2014/03/20 16:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/03/20 16:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2014/03/20 16:42:12 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\AppData\Local\adawarebp
[2014/03/20 16:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2014/03/20 16:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2014/03/20 16:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2014/03/20 16:39:48 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\AppData\Roaming\Lavasoft
[2014/03/20 16:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/03/20 16:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/03/19 13:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glorylogic
[2014/03/11 20:45:44 | 000,248,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2014/03/11 20:45:43 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2014/03/11 20:45:17 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014/03/11 20:45:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/03/11 20:45:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/03/11 20:45:16 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/03/11 20:45:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/03/11 20:45:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/03/11 20:45:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/03/11 20:45:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/03/11 20:45:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/03/11 20:45:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/03/11 20:45:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/03/11 20:45:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/03/11 20:45:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014/03/11 20:45:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014/03/11 20:45:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/03/11 20:45:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/03/11 20:44:47 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/03/11 20:44:47 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014/03/11 20:44:45 | 001,628,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2014/03/09 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/09 10:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/03/09 10:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/09 10:32:57 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/03/09 10:32:47 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/03/09 10:32:47 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/03/09 10:32:47 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/09 10:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/09 10:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/26 18:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2014/02/26 18:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/02/26 18:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/26 18:02:06 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\ensppmon.dll
[2014/02/26 18:02:06 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enppmon.dll
[2014/02/26 18:02:06 | 000,535,552 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\ensppui.dll
[2014/02/26 18:02:06 | 000,535,552 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enppui.dll
[2014/02/26 18:02:06 | 000,219,648 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enspres.dll
[2014/02/26 18:02:06 | 000,219,648 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enpres.dll
[2014/02/26 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/26 17:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2014/02/26 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[2014/02/26 17:44:15 | 000,466,432 | ---- | C] (Seiko Epson Corporation) -- C:\windows\SysNative\esxw2ud.dll
[2014/02/26 17:44:15 | 000,144,560 | ---- | C] (Seiko Epson Corporation) -- C:\windows\SysNative\escsvc64.exe
[2014/02/26 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/26 17:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/26 17:41:18 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\SysNative\E_GCINST.DLL
[2014/02/26 17:41:15 | 000,179,712 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\E_ILMBLFE.DLL
[2014/02/26 17:41:15 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\E_ID4BLFE.DLL
[2014/02/26 17:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Epson
[2012/10/23 00:18:45 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/24 11:59:21 | 001,793,362 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/24 11:59:21 | 000,799,736 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
[2014/03/24 11:59:21 | 000,710,046 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/24 11:59:21 | 000,155,444 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
[2014/03/24 11:59:21 | 000,132,416 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/24 11:53:00 | 000,000,943 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/03/24 11:53:00 | 000,000,757 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/03/24 11:49:00 | 000,001,002 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/24 11:44:26 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/24 11:41:36 | 000,987,448 | ---- | M] () -- C:\Users\Utilisateur51\Desktop\SecurityCheck.exe
[2014/03/24 11:27:08 | 000,002,309 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/03/24 11:26:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/24 11:25:10 | 000,000,943 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/03/24 11:25:10 | 000,000,757 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/03/24 11:24:46 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/24 11:24:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/24 11:24:24 | 3339,714,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/24 11:22:31 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/03/18 20:40:55 | 526,641,454 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/03/15 17:47:02 | 000,316,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/09 10:32:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/09 10:32:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/03/09 10:32:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/03/09 10:32:21 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/03/04 23:52:34 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/04 23:52:34 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/26 18:39:02 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2014/02/26 17:44:37 | 000,000,123 | ---- | M] () -- C:\Users\Public\Desktop\Epson Connect Site.url
[2014/02/26 17:44:36 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Manuels EPSON.lnk
[2014/02/26 17:44:15 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/23 09:13:59 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/02/23 09:13:31 | 000,915,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014/02/23 09:13:31 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014/02/23 09:12:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/02/23 09:12:24 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/02/23 09:11:59 | 003,960,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/02/23 09:11:59 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/02/23 09:11:52 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/02/23 09:11:52 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/02/23 09:11:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/02/23 07:54:37 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014/02/23 07:53:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/02/23 07:53:21 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/02/23 07:53:18 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/02/23 07:53:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/02/23 07:53:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
 
========== Files Created - No Company Name ==========
 
[2014/03/24 11:41:29 | 000,987,448 | ---- | C] () -- C:\Users\Utilisateur51\Desktop\SecurityCheck.exe
[2014/03/24 11:22:15 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014/03/20 16:50:44 | 000,156,936 | ---- | C] () -- C:\windows\SysNative\bdfwcore.dll
[2014/03/20 16:49:57 | 000,002,309 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/03/15 17:46:48 | 000,316,288 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/26 18:53:20 | 000,000,757 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/02/26 18:53:18 | 000,000,943 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/02/26 18:39:02 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2014/02/26 18:25:40 | 000,000,757 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/02/26 18:25:24 | 000,000,943 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/02/26 17:44:37 | 000,000,123 | ---- | C] () -- C:\Users\Public\Desktop\Epson Connect Site.url
[2014/02/26 17:44:36 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Manuels EPSON.lnk
[2014/02/26 17:44:15 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/10/05 12:34:40 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/10/23 00:18:45 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2012/08/03 02:35:04 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/03 02:35:04 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/08/03 02:34:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/03 02:34:28 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/08/03 02:34:28 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/10/06 10:34:24 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\windows\SysNative\shell32.dll -- [2013/12/07 07:36:58 | 019,751,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/07 06:15:36 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/17 12:33:51 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\fr.orange.assistancelivebox
[2013/11/12 18:51:10 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\Hotspot Shield
[2013/10/07 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\Systweak
[2014/03/23 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\uTorrent
[2014/02/09 10:52:02 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\WebApp
[2013/12/30 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\WindSolutions
[2012/12/29 16:27:20 | 000,000,000 | ---D | M] -- C:\Users\Utilisateur51\AppData\Roaming\XTR3D_UI
 
========== Purity Check ==========
 
 

< End of report >
 



#5 davio6251

Posted 24 March 2014 - 06:34 AM

OTL Extras logfile created on: 24/03/2014 12:08:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Utilisateur51\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,89 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 44,65% Memory free
7,89 Gb Paging File | 6,46 Gb Available in Paging File | 81,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,74 Gb Total Space | 754,89 Gb Free Space | 83,35% Space Free | Partition Type: NTFS
 
Computer Name: UTILISATEUR | User Name: Utilisateur51 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = Free Zip Viewer.chm] -- C:\Program Files (x86)\Free Zip Viewer\FreeZipViewer.exe ()
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Free Zip Viewer.chm] -- C:\Program Files (x86)\Free Zip Viewer\FreeZipViewer.exe ()
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.chm [@ = FreeZipViwerEXST] -- C:\Program Files (x86)\Free Zip Viewer\FreeZipViewer.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\windows\SysWow64\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\windows\SysWow64\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0420C317-1EFC-4A64-9BE8-70059B962B23}" = lport=445 | protocol=6 | dir=in | app=system |
"{17199A7E-5ACD-4E18-8F84-5C8FD57CFBB8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{28E921E5-09E0-490B-A4C3-B4599B556009}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2AB3AD7F-11BA-4A82-A43F-18DEE2F462B0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3229C18C-0EE8-49C6-B152-212461115866}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45916D43-3E66-46D9-A455-D4A16E719B5F}" = rport=139 | protocol=6 | dir=out | app=system |
"{46B84BAF-3052-4300-B51F-BF03E304C796}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{46F0A0D6-8898-47E3-98A9-3C020D27BD94}" = rport=137 | protocol=17 | dir=out | app=system |
"{4937C184-AD93-4AA3-93DB-3D0467CF5954}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50B90431-DD1B-4A3A-BE98-D58C26B0D208}" = rport=445 | protocol=6 | dir=out | app=system |
"{52FE6B5A-58E2-40E7-8F65-406581BC3397}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{59002800-C85A-4132-8505-1B66FA249B42}" = lport=137 | protocol=17 | dir=in | app=system |
"{6273C69E-7D92-4195-8FC2-89CE4D0BF73C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{645FA082-2EB9-42DB-9355-D53B27CADA30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7214E341-4630-44AE-A7CE-BEBA647FE277}" = lport=139 | protocol=6 | dir=in | app=system |
"{7FD013F0-5456-48F2-A6D8-460C221B02C1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD93FFCC-935E-472C-A833-A1837A6E25E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{B3EDDE70-55C4-4D2B-8CB0-0691FA665800}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C113CE85-A765-49FD-8E6F-2A3C904B0904}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C4BCED1D-A7CD-4D2C-B60A-75A5F1399F40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F09AB40E-DA48-4ECA-8122-674DB859AB83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F202A85B-85F2-48C0-BE6C-18D1FCBFC675}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5C1E3EB-E7E6-4B36-A219-44AE471A0643}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD2BECF6-596C-4A91-85A2-8AD44FE70AE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0092E511-1363-480A-83EB-87C87DC48AD3}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{0270B01F-DFAD-44FD-8F3F-85BA5F16A507}" = dir=out | name=@{microsoft.bingsports_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{02CFFDA0-F72D-49CE-9AFE-61D9F61646EE}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\orangeupdate\service\oucore.exe |
"{07FAAEEE-E2FD-465C-99E1-11D5CEAE444E}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{124DD6AF-7542-4552-B804-1851710539BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1A0DA851-502A-460C-9421-A5FCFB3C8820}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B315DE9-7255-406A-9F50-14F55B251516}" = dir=out | name=jamie's recipes |
"{1D35D510-4FE7-4B5B-B4C6-7281C9453154}" = dir=out | name=tv d'orange |
"{2386249B-B6DB-4E6F-B510-B74D48A20F14}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{27691BDD-0909-4941-A2EC-1AF96FE02183}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{28375B72-1E2B-443D-A222-CC49EF5794E1}" = dir=out | name=s player |
"{28796AA7-0FC4-4527-9566-1D83C3FD6559}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CCF8678-A65E-43FE-8F6A-5DA9EB888269}" = dir=in | name=marmiton |
"{2EC9192C-3307-4647-80B9-8C9C34FDD6D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{317B226B-0785-4A40-8157-623EE9345D85}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{362DD7EA-EA89-4AF9-AC2D-761D9F7C7654}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3672B27C-BB3C-41E0-86FC-2BC0693AC5EA}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{399DB3FA-FA33-41E2-B156-6C7A83E2B043}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{39CF0B82-86E5-45F6-A5B4-C2147D361FC0}" = dir=out | name=fansub naruto rss |
"{3D12D809-3CB4-4ACC-AED4-05110CB2D3DB}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{448C8FC8-B27E-40F2-91A7-C3541D9CEBFF}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\pluginlivebox.exe |
"{457DAA12-7319-4365-A9D7-42C4AAE148A9}" = dir=out | name=dailymotion |
"{4B0149B4-A7EA-4C0C-9C24-D3192547D539}" = dir=out | name=torrex lite - torrent downloader |
"{4D258690-26C5-4EAB-9168-39BE88D65A8E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{50A1F153-6F3D-4AD3-ADD1-1E130A57CE6D}" = dir=out | name=télé 7 programme tv |
"{58D24FA9-A16A-4577-9556-19BF26328C2E}" = dir=out | name=pinball fx2 |
"{59A01EAF-7B1E-4808-942F-2455813282D7}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\pluginlivebox.exe |
"{64ADAD05-52E7-4A5C-BF71-7E10DF306E0B}" = dir=out | name=photoeditor |
"{675610BF-7FF6-4878-A0E6-C6AFF88ECA41}" = protocol=6 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |
"{6A4A2C0A-A5D2-4C20-A36A-ACF98F7131D2}" = protocol=6 | dir=in | app=c:\users\utilisateur51\appdata\roaming\utorrent\utorrent.exe |
"{6D0C2FD3-77EF-41E4-9B1F-75E0007376CE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{718B2A68-D7CB-4C5E-9B04-79D3A6F65FDD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7364C1AB-50E9-41EE-AEFE-70B94783F816}" = dir=out | name=s camera |
"{76289E53-25E3-4307-B2E0-7D055D4F40B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DD46ED5-1CE5-45AC-948F-33CBBD014C39}" = dir=out | name=s gallery |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8123B6A2-9818-431C-A2F1-C92828A945F1}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\liveboxmanager.exe |
"{81AE69F0-A98D-444E-84FB-D7FB4F7A902B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{84F9FEDB-7523-4EC1-8701-841E117443B6}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\plugindmcontrolpoint.exe |
"{896BCD71-2681-4D53-B8E4-289198D70FA3}" = dir=out | name=windows_ie_ac_001 |
"{8AEFCF8D-5573-4BE1-AF77-482D7A1D2D2F}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\liveboxmanager.exe |
"{928449F4-BF91-4839-B84E-6031094A43D4}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{988994FF-8DE5-4D7E-B22C-4251BE2A3200}" = dir=out | name=shark dash |
"{9C0452B3-5CBF-4994-8C20-752CB1A3DB3F}" = dir=in | name=pinball fx2 |
"{A0E64B11-FFE5-4E6C-A35E-42A9A5B4A923}" = dir=out | name=allociné |
"{A427B069-5B91-4D24-8FE9-20A0689E18C7}" = dir=out | name=marmiton |
"{A9D2D6E4-75D9-4758-95E6-616A8A276F89}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{ADC16A1B-CD8B-4CBB-A462-412268F6CEF4}" = dir=out | name=têtes à claques |
"{AECDE575-6AD0-42DA-9717-4F23736D9FF4}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{B02E227B-8D81-4760-A4D6-A049E65FA710}" = dir=out | name=fresh paint |
"{B10202C3-9994-4E69-BCCB-9710C03755D1}" = dir=out | name=@{microsoft.zunevideo_1.5.444.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{B32AC2B1-E5F4-47C7-B8C6-DFD5D8EA9ECE}" = dir=out | name=adera |
"{B6E9CE12-3FE7-41A2-94F9-9BF9350D547F}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\plugindmcontrolpoint.exe |
"{BA89BDF3-4875-461F-BF98-88950BE55B4F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAA1A18E-322A-484B-B70E-4EF9975B526F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{BFAD93FF-752B-4FD2-913C-FB6FA68908FB}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{C07A3032-E266-4339-8F35-46E899D624A4}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{C1EF57CA-903F-447A-B446-175C29A87BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\orangeupdate\service\oucore.exe |
"{C4F1366C-4143-4810-8685-CA7B4FB7CE2B}" = protocol=17 | dir=in | app=d:\network\epsonnetsetup\eneasyapp.exe |
"{C795142B-1883-406A-8B06-69C36CDB2A39}" = dir=out | name=@{magix.musicmakerjam_1.7.1016.1_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{CAE6A4DB-8DBC-455C-B13F-A52DF2BC8FAC}" = dir=out | name=l'equipe.fr |
"{CF2D1E26-0F32-4E83-A28A-DC4017DE924E}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{D30B8FBA-1425-40C2-BCFA-706C235D9043}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8ED42C0-D2AE-485F-8404-CE4834F97C40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBA76A5B-62D3-4EDC-9D7E-EBF4EADC1F55}" = dir=out | name=télé-loisirs programme tv |
"{DD3AA04E-AA76-41B1-9561-9AC93A27E785}" = dir=in | app=c:\users\utilisateur51\appdata\local\microsoft\skydrive\skydrive.exe |
"{DFFCCDA0-D12F-49AB-AB9E-0C2DC2C1BF7B}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\dedicarzservice.exe |
"{E16DF0F2-3455-4696-9D98-4C8E3186EF40}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{E47D5830-89DF-4351-8D68-776B6B8C5A7C}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dedicarz\dedicarzservice.exe |
"{E4AF24B6-87CB-4A4F-9995-3F0860151E9C}" = dir=in | name=@{magix.musicmakerjam_1.7.1016.1_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{E5C2FA5D-4E3A-4061-8238-53DB408A0088}" = protocol=17 | dir=in | app=c:\users\utilisateur51\appdata\roaming\utorrent\utorrent.exe |
"{E6963A32-C860-4D92-931E-9A5454430FAB}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E898DE9E-B6A4-4ED8-96D1-02F2E70D37CC}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{EA9CE35F-592E-4C4C-967F-73A2F2E294FB}" = dir=out | name=anime.tn streaming |
"{F09820B1-4D13-43F0-9430-3E2FDEB60FDD}" = dir=out | name=kiosque relay |
"{F1CDD2E5-7431-4A38-8057-C074C47A695C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F75979B4-64B4-4660-93DA-6C491369AF7A}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{F9015E13-AE01-489D-836B-20B35BF84B26}" = dir=in | name=torrex lite - torrent downloader |
"{FBB5F2DF-A8A4-4A48-ACBD-BEC80B08041F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{5CBDC4A4-B830-4559-99C2-573A584F88C6}C:\users\utilisateur51\desktop\utorrent-utorrent-3.exe" = protocol=6 | dir=in | app=c:\users\utilisateur51\desktop\utorrent-utorrent-3.exe |
"TCP Query User{D9A71E8A-45D4-4996-907F-FF7A442B58C9}C:\program files (x86)\orange\assistance livebox\dist\st2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dist\st2.exe |
"UDP Query User{1E820E0F-A062-416A-BC3F-198774D0FF1E}C:\users\utilisateur51\desktop\utorrent-utorrent-3.exe" = protocol=17 | dir=in | app=c:\users\utilisateur51\desktop\utorrent-utorrent-3.exe |
"UDP Query User{84B907CB-D895-4EFA-8623-E3A3CF776341}C:\program files (x86)\orange\assistance livebox\dist\st2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orange\assistance livebox\dist\st2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18BB06D9-8518-48E5-88F7-5AE1DF02546B}" = Help Desk
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{28A683FB-7BEF-4C94-93D1-0DDDB7761894}" = OnlineThreatsEngine
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{30228E21-6B5C-4437-A471-73AC7EAC07D6}" = MC770A_MC770AQ_MC570QA
"{48FC7E7B-E36A-4DE5-86E0-8C71542679E8}" = MC582ML
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57C84705-FA60-4288-9432-2F704F6D335A}" = AntispamEngine
"{5CEBB0CE-1783-40C2-A7E1-02EE705820F0}" = Adblock Plus for IE (32-bit and 64-bit)
"{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
"{6A16ADA5-0B30-4893-84AB-961B1340D14A}" = AdAwareUpdater
"{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater" = Ad-Aware Antivirus
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73280CF7-9471-4FB6-B018-E5FD7A09F1AF}" = Support Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877C7A27-7529-4B0C-BA7B-4D697E90DDC1}" = FirewallEngine
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969B5BFB-094D-4D96-AC0C-C1A2675DB583}" = S Agent
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AC7D612A-9805-4BB8-A8CA-4CCFE361B4B7}" = AdAwareInstaller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 307.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 307.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE5E1FC7-FD27-493F-A65F-23AD7ED9661D}" = WebFilteringEngine
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"EPSON XP-312 313 315 Series" = EPSON XP-312 313 315 Series Printer Uninstall
"HomeStudentRetail - fr-fr" = Microsoft Office Famille et Etudiant 2013 - fr-fr
"WinRAR archiver" = WinRAR 5.00 (64 bits)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F2E61A-3A04-4B8C-A828-8E2596F7EFF5}" = GestureControl
"{0668E92A-CBC3-455E-9099-93D99EC00285}" = ArcSoft TV 5.0
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{1610D72A-3656-4842-A1A7-1208B4EB168F}" = User Guide
"{1ce01891-839b-4ad1-b629-2e608ba0c6ba}" = Adblock Plus for IE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{403BBE15-C64E-429A-9652-1C4EFF327457}" = SW Update
"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials
"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{674E262F-72EA-41C1-AF16-9727311A4553}" = Epson Easy Photo Print 2
"{6C955C6B-83AB-402B-8E38-86CFBFB738B1}" = Support Center FAQ
"{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}" = Software Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}" = Manuels EPSON
"{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-040C-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}" = Epson E-Web Print
"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials
"{ECEA43C7-A861-498F-9B3E-5480C6C03E7F}" = Intel® C++ Redistributables on IA-32
"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Assistance Livebox" = Assistance Livebox
"AVerMedia A328 Mini-Card Hybrid TV Tuner" = AVerMedia A328 Mini-Card Hybrid TV Tuner 2.2.64.80
"EPSON Scanner" = EPSON Scan
"FormatFactory" = FormatFactory 3.2.1.0
"Free Zip Viewer" = Free Zip Viewer
"HotspotShield" = Hotspot Shield 3.23
"InstallShield_{0668E92A-CBC3-455E-9099-93D99EC00285}" = ArcSoft TV 5.0
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center
"Mozilla Firefox 27.0.1 (x86 fr)" = Mozilla Firefox 27.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OrangeUpdateManager" = Orange update
"Plants vs. Zombies" = Plants vs. Zombies
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"SkyDriveSetup.exe" = Microsoft SkyDrive
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07/03/2014 17:30:05 | Computer Name = Utilisateur | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15562
 
Error - 07/03/2014 17:30:05 | Computer Name = Utilisateur | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15562
 
Error - 18/03/2014 02:37:17 | Computer Name = Utilisateur | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante cmw_srv.exe, version : 3.23.0.21899,
 horodatage : 0x52b1e7f9  Nom du module défaillant : cmw_srv.exe, version : 3.23.0.21899,
 horodatage : 0x52b1e7f9  Code d’exception : 0x40000015  Décalage d’erreur : 0x00088f3d
ID
 du processus défaillant : 0x93c  Heure de début de l’application défaillante : 0x01cf406e5e7a756a
Chemin
 d’accès de l’application défaillante : C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
Chemin
 d’accès du module défaillant: C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
ID
 de rapport : bf6c30fd-ae67-11e3-beb3-50b7c3b4eec0  Nom complet du package défaillant :
   ID de l’application relative au package défaillant :
 
Error - 20/03/2014 13:52:39 | Computer Name = Utilisateur | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante IEXPLORE.EXE, version : 10.0.9200.16843,
 horodatage : 0x53096fea  Nom du module défaillant : adawaretb.dll, version : 5.0.8.273,
 horodatage : 0x529cef42  Code d’exception : 0xc0000005  Décalage d’erreur : 0x00024430
ID
 du processus défaillant : 0x19f8  Heure de début de l’application défaillante : 0x01cf4464eac96bbd
Chemin
 d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Chemin
 d’accès du module défaillant: C:\Program Files (x86)\Lavasoft\AdAware SecureSearch
 Toolbar\adawaretb.dll  ID de rapport : 6cfff03e-b058-11e3-beb6-50b7c3b4eec0  Nom complet
 du package défaillant :   ID de l’application relative au package défaillant :
 
Error - 22/03/2014 05:32:19 | Computer Name = Utilisateur | Source = Application Hang | ID = 1002
Description = Le programme SDUpdate.exe version 2.2.18.91 a cessé d’interagir avec
 Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
 disponibles, consultez l’historique du problème dans le Centre de maintenance.    ID
 de processus : 1024    Heure de début : 01cf45b185568356    Heure de fin : 0    Chemin d’accès
 de l’application : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

ID
 de rapport : d5f06e76-b1a4-11e3-beb6-50b7c3b4eec0    Nom complet du package défaillant :
     ID de l’application relative au package défaillant :   
 
Error - 22/03/2014 13:47:03 | Computer Name = Utilisateur | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Échec de l’activation de l’application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
 avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error - 22/03/2014 13:56:33 | Computer Name = Utilisateur | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante AdAwareTray.exe, version : 11.1.5354.0,
 horodatage : 0x52e1221b  Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16451,
 horodatage : 0x50988aa6  Code d’exception : 0xc000041d  Décalage d’erreur : 0x000000000003811c
ID
 du processus défaillant : 0xfdc  Heure de début de l’application défaillante : 0x01cf445db1040892
Chemin
 d’accès de l’application défaillante : C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware
 Antivirus\11.1.5354.0\AdAwareTray.exe  Chemin d’accès du module défaillant: C:\windows\system32\KERNELBASE.dll
ID
 de rapport : 4d6dfe4b-b1eb-11e3-beb6-50b7c3b4eec0  Nom complet du package défaillant :
   ID de l’application relative au package défaillant :
 
Error - 24/03/2014 06:13:43 | Computer Name = Utilisateur | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante Explorer.EXE, version : 6.2.9200.16628,
 horodatage : 0x51a94434  Nom du module défaillant : SHELL32.dll, version : 6.2.9200.16774,
 horodatage : 0x52a2843a  Code d’exception : 0xc0000005  Décalage d’erreur : 0x00000000000c7c0e
ID
 du processus défaillant : 0x7dc  Heure de début de l’application défaillante : 0x01cf445da3f2b2d2
Chemin
 d’accès de l’application défaillante : C:\windows\Explorer.EXE  Chemin d’accès du
 module défaillant: C:\windows\system32\SHELL32.dll  ID de rapport : f9f933dc-b33c-11e3-beb6-50b7c3b4eec0
Nom
 complet du package défaillant :   ID de l’application relative au package défaillant :
 
 
Error - 24/03/2014 06:15:52 | Computer Name = Utilisateur | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante explorer.exe, version : 6.2.9200.16628,
 horodatage : 0x51a94434  Nom du module défaillant : SHELL32.dll, version : 6.2.9200.16774,
 horodatage : 0x52a2843a  Code d’exception : 0xc0000005  Décalage d’erreur : 0x00000000000c7c0e
ID
 du processus défaillant : 0x1068  Heure de début de l’application défaillante : 0x01cf4749c665647b
Chemin
 d’accès de l’application défaillante : C:\windows\explorer.exe  Chemin d’accès du
 module défaillant: C:\windows\system32\SHELL32.dll  ID de rapport : 46a0cf50-b33d-11e3-beb6-50b7c3b4eec0
Nom
 complet du package défaillant :   ID de l’application relative au package défaillant :
 
 
Error - 24/03/2014 06:19:15 | Computer Name = Utilisateur | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante explorer.exe, version : 6.2.9200.16628,
 horodatage : 0x51a94434  Nom du module défaillant : SHELL32.dll, version : 6.2.9200.16774,
 horodatage : 0x52a2843a  Code d’exception : 0xc0000005  Décalage d’erreur : 0x00000000000c7c0e
ID
 du processus défaillant : 0x15fc  Heure de début de l’application défaillante : 0x01cf474a0cd42263
Chemin
 d’accès de l’application défaillante : C:\windows\explorer.exe  Chemin d’accès du
 module défaillant: C:\windows\system32\SHELL32.dll  ID de rapport : c01cb82b-b33d-11e3-beb6-50b7c3b4eec0
Nom
 complet du package défaillant :   ID de l’application relative au package défaillant :
 
 
[ System Events ]
Error - 25/01/2014 11:36:03 | Computer Name = Utilisateur | Source = BugCheck | ID = 1001
Description =
 
Error - 26/01/2014 13:37:18 | Computer Name = Utilisateur | Source = DCOM | ID = 10010
Description =
 
Error - 26/01/2014 13:37:19 | Computer Name = Utilisateur | Source = DCOM | ID = 10010
Description =
 
Error - 26/01/2014 13:37:19 | Computer Name = Utilisateur | Source = DCOM | ID = 10010
Description =
 
Error - 26/01/2014 13:37:19 | Computer Name = Utilisateur | Source = DCOM | ID = 10010
Description =
 
Error - 13/02/2014 04:50:54 | Computer Name = Utilisateur | Source = Ntfs | ID = 55
Description = Une défaillance a été détectée dans la structure du système de fichiers
 sur le volume ??.    La table MFT (Master File Table) contient un enregistrement de
 fichier endommagé. Le numéro de référence du fichier est 0x4000000037dc7. Le nom
 du fichier est « <impossible de déterminer le nom de fichier> ».  
 
Error - 13/02/2014 04:51:19 | Computer Name = Utilisateur | Source = Ntfs | ID = 55
Description = Une défaillance a été détectée dans la structure du système de fichiers
 sur le volume ??.    La table MFT (Master File Table) contient un enregistrement de
 fichier endommagé. Le numéro de référence du fichier est 0xc000000037236. Le nom
 du fichier est « <impossible de déterminer le nom de fichier> ».  
 
Error - 13/02/2014 08:52:48 | Computer Name = Utilisateur | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 13:48:51 le ?13/?02/?2014 n’était pas
prévu.
 
Error - 13/02/2014 08:53:12 | Computer Name = Utilisateur | Source = BugCheck | ID = 1001
Description =
 
Error - 16/02/2014 06:32:26 | Computer Name = Utilisateur | Source = Ntfs | ID = 55
Description = Une défaillance a été détectée dans la structure du système de fichiers
 sur le volume ??.    La table MFT (Master File Table) contient un enregistrement de
 fichier endommagé. Le numéro de référence du fichier est 0xc000000037236. Le nom
 du fichier est « <impossible de déterminer le nom de fichier> ».  
 
 
< End of report >
 



#6 Jo*

Posted 24 March 2014 - 07:37 AM

Hello davio6251,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 davio6251

Posted 24 March 2014 - 08:52 AM

Hello Jo,
there is a malware detected

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Non-administrative

Internet Explorer version: 10.0.9200.16843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.794000 GHz
Memory total: 4174647296, free: 2385989632

=======================================
Initializing...
------------ Kernel report ------------
     03/24/2014 14:27:58
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa8004175740
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xfffffa80041eb060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004d43060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xfffffa80045ff480
Lower Device Driver Name: \Driver\storahci\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004d43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004d43b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004d43060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80045fdca0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80045ff480, DeviceName: \Device\00000039\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 62198375

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 921343373
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid f1424529-1435-4962-ac29-4b3b9495bf2
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 921343373
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid f1424529-1435-4962-ac29-4b3b9495bf2
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 789a53f0-1ecc-457f-994a-1bca3dd1ea76
    FirstLBA 2048  Last LBA 1026047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 981b5d3c-79bc-4051-84c1-d87865f2edc
    FirstLBA 1026048  Last LBA 1640447
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ccbefe14-db4f-4341-b1ab-4c7d681d50a6
    FirstLBA 1640448  Last LBA 1902591
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 5d82f40-e348-4f71-8890-b7b34e9335a
    FirstLBA 1902592  Last LBA 1901377536
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 2644757c-bc76-475c-b651-5aaf2a92cf48
    FirstLBA 1901379584  Last LBA 1902094335
    Attributes 1
    Partition Name                                     

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 1293ec22-8ae6-4a38-99d5-6622b875bebf
    FirstLBA 1902094337  Last LBA 1951426560
    Attributes 1
    Partition Name                 Basic data partition

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 6172452b-e8b0-4700-4173-636c65706975
    FirstLBA 1951426561  Last LBA 1953523712
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004175740, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80041fd040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004175740, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80041eb060, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\$Recycle.Bin\S-1-5-21-2019195115-1192297090-2364401295-1002\$RV9Y8G6.exe --> [Spyware.Password]
Scan finished

 



#8 davio6251

Posted 24 March 2014 - 09:09 AM

# AdwCleaner v3.022 - Rapport créé le 24/03/2014 à 14:55:26
# Mis à jour le 13/03/2014 par Xplode
# Système d'exploitation : Windows 8  (64 bits)
# Nom d'utilisateur : Utilisateur51 - UTILISATEUR
# Exécuté depuis : C:\Users\Utilisateur51\Downloads\AdwCleaner.exe
# Option : Scanner

***** [ Services ] *****

Service Présent : hshld
Service Présent : hsstrayservice
Service Présent : hsswd

***** [ Fichiers / Dossiers ] *****

Dossier Présent : C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
Dossier Présent : C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\Extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
Dossier Présent C:\Program Files (x86)\hotspot shield
Dossier Présent C:\Program Files (x86)\Toolbar Cleaner
Dossier Présent C:\ProgramData\Babylon
Dossier Présent C:\ProgramData\blekko toolbars
Dossier Présent C:\ProgramData\boost_interprocess
Dossier Présent C:\ProgramData\hotspot shield
Dossier Présent C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Dossier Présent C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Dossier Présent C:\Users\Utilisateur51\AppData\LocalLow\adawaretb
Dossier Présent C:\Users\Utilisateur51\AppData\Roaming\hotspot shield
Dossier Présent C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\adawaretb
Dossier Présent C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\CT2851639
Dossier Présent C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\Smartbar
Dossier Présent C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\ValueApps
Dossier Présent C:\Users\Utilisateur51\AppData\Roaming\Systweak
Dossier Présent C:\windows\SysWOW64\hotspot shield
Fichier Présent : C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\invalidprefs.js
Fichier Présent : C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\user.js
Fichier Présent : C:\windows\System32\roboot64.exe
Fichier Présent : C:\windows\System32\Tasks\LaunchApp

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\anchorfree
Clé Présente : HKCU\Software\AppDataLow\Software\adawaretb
Clé Présente : HKCU\Software\AppDataLow\Software\SmartBar
Clé Présente : HKCU\Software\BabSolution
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\DataMngr
Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\Delta
Clé Présente : HKCU\Software\Iminent
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Présente : HKCU\Software\Softonic
Clé Présente : [x64] HKCU\Software\anchorfree
Clé Présente : [x64] HKCU\Software\BabSolution
Clé Présente : [x64] HKCU\Software\Conduit
Clé Présente : [x64] HKCU\Software\DataMngr
Clé Présente : [x64] HKCU\Software\DataMngr_Toolbar
Clé Présente : [x64] HKCU\Software\Delta
Clé Présente : [x64] HKCU\Software\Iminent
Clé Présente : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : [x64] HKCU\Software\Softonic
Clé Présente : HKLM\SOFTWARE\5c4dfdabd3cbe46
Clé Présente : HKLM\Software\adawaretb
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Clé Présente : HKLM\Software\Conduit
Clé Présente : HKLM\Software\DataMngr
Clé Présente : HKLM\Software\Delta
Clé Présente : HKLM\Software\hotspotshield
Clé Présente : HKLM\Software\Iminent
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Clé Présente : HKLM\Software\systweak
Clé Présente : HKLM\Software\Toolbar Cleaner
Clé Présente : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Valeur Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16843

Paramètre Présent : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=721312B7C3B4EEBF&affID=121442&tsp=5027

-\\ Mozilla Firefox v27.0.1 (fr)

[ Fichier : C:\Users\Utilisateur51\AppData\Roaming\Mozilla\Firefox\Profiles\4273htib.default\prefs.js ]

Ligne Trouvée : user_pref("CT2851639.1000234.TWC_TMP_city", "REIMS");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_TMP_country", "FR");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_country", "FRANCE");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_locId", "FRXX0080");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_location", "Reims, France");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_region", "FR");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_temp_dis", "C");
Ligne Trouvée : user_pref("CT2851639.1000234.TWC_wind_dis", "kmh");
Ligne Trouvée : user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Ligne Trouvée : user_pref("CT2851639.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.FF19Solved", "true");
Ligne Trouvée : user_pref("CT2851639.Facebook_Mode.enc", "Mg==");
Ligne Trouvée : user_pref("CT2851639.Facebook_User_Locale.enc", "ZnI=");
Ligne Trouvée : user_pref("CT2851639.FirstTime", "true");
Ligne Trouvée : user_pref("CT2851639.FirstTimeFF3", "true");
Ligne Trouvée : user_pref("CT2851639.PG_ENABLE", "dHJ1ZQ==");
Ligne Trouvée : user_pref("CT2851639.PairingKey", "%C9%BE%B7%BB%CC%B6%CB%BD%C8%B7%B8%CA%BE%BA%BF%BA%B6%B6%B9%CC%B8%BF%B8%B9%C8%BF%C8%B8%CC%CC%CA%B6%BB%B6%BD%B9%BE%BF%BA%CA");
Ligne Trouvée : user_pref("CT2851639.PairingKey.enc", "QzgxNUYwRTdCMTJEODQ5NDAwM0YyOTIzQjlCMkZGRDA1MDczODk0RA==");
Ligne Trouvée : user_pref("CT2851639.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Ligne Trouvée : user_pref("CT2851639.SF_STATUS.enc", "RU5BQkxFRA==");
Ligne Trouvée : user_pref("CT2851639.SF_USER_ID.enc", "Y2lkXzcxMDIwMTMxNzI0NDU1NTI1NDQz");
Ligne Trouvée : user_pref("CT2851639.SearchAppState.enc", "Mg==");
Ligne Trouvée : user_pref("CT2851639.UserID", "UN82266537621692289");
Ligne Trouvée : user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true");
Ligne Trouvée : user_pref("CT2851639.cb_experience_000", "%BA%B9");
Ligne Trouvée : user_pref("CT2851639.cb_experience_000.enc", "NDM=");
Ligne Trouvée : user_pref("CT2851639.cb_firstuse0100", "%B7");
Ligne Trouvée : user_pref("CT2851639.cb_firstuse0100.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.cb_user_id_000.enc", "Q0I5MDY4NzAzODcwNzNfMTM4MTI5MTA4Nzc1M19GaXJlZm94");
Ligne Trouvée : user_pref("CT2851639.cbfirsttime.enc", "U3VuIE9jdCAwNiAyMDEzIDExOjQwOjM0IEdNVCswMjAw");
Ligne Trouvée : user_pref("CT2851639.countryCode", "FR");
Ligne Trouvée : user_pref("CT2851639.defaultSearch", "false");
Ligne Trouvée : user_pref("CT2851639.embeddedsData", "[{\"appId\":\"129351529700743801\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Ligne Trouvée : user_pref("CT2851639.enableSearchFromAddressBar", "false");
Ligne Trouvée : user_pref("CT2851639.firstTimeDialogOpened", "true");
Ligne Trouvée : user_pref("CT2851639.fixPageNotFoundErrorByUser", "false");
Ligne Trouvée : user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true");
Ligne Trouvée : user_pref("CT2851639.fullUserID", "UN82266537621692289.IN.20131006113928");
Ligne Trouvée : user_pref("CT2851639.installDate", "06/10/2013 11:39:30");
Ligne Trouvée : user_pref("CT2851639.installSessionId", "-1");
Ligne Trouvée : user_pref("CT2851639.installSp", "FALSE");
Ligne Trouvée : user_pref("CT2851639.installType", "xpe");
Ligne Trouvée : user_pref("CT2851639.installUsage", "2013-10-06T12:40:07.8078318+03:00");
Ligne Trouvée : user_pref("CT2851639.installUsageEarly", "2013-10-06T12:40:07.0902272+03:00");
Ligne Trouvée : user_pref("CT2851639.installerVersion", "1.7.0.9");
Ligne Trouvée : user_pref("CT2851639.isCheckedStartAsHidden", true);
Ligne Trouvée : user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.isFirstTimeToolbarLoading", "false");
Ligne Trouvée : user_pref("CT2851639.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Ligne Trouvée : user_pref("CT2851639.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851639&octid=CT2851639&SearchSource=15&CUI=UN82266537621692289&SSPV=&Lay=1&UM=1\"}");
Ligne Trouvée : user_pref("CT2851639.lastVersion", "10.23.0.822");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appStateReportTime", "%B7%B9%BE%BD%BA%BD%B6%B7%BF%BC%B8%B6%B6");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appStateReportTime.enc", "MTM4NzQ3MDE5NjIwMA==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appState_CouponBuddy.enc", "b24=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appState_Easytobook.enc", "b24=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appState_PriceGong.enc", "b24=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appState_WindowShopper.enc", "b24=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJQcmljZUdvbmciLCJ1cmwiOiJodHRwOi8vcHJpY2Vnb25nLmNvbmR1aXRhcHBzLmNvbS9NQU0vdjEvaHRtbF9jb21wLmh0bWwiLCJjcml0ZXJpYXMiOl[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Ligne Trouvée : user_pref("CT2851639.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_calledSetupService.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_currentVersion", "%B7%B4%B7%B8%B4%B6%B4%BB");
Ligne Trouvée : user_pref("CT2851639.mam_gk_currentVersion.enc", "MS4xMi4wLjU=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_first_time", "%B7");
Ligne Trouvée : user_pref("CT2851639.mam_gk_first_time.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_lastLoginTime", "%B7%B9%BE%BD%BA%BD%B6%B7%BF%BD%B7%B8%B9");
Ligne Trouvée : user_pref("CT2851639.mam_gk_lastLoginTime.enc", "MTM4NzQ3MDE5NzEyMw==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJQcm9tb1xuZHUgam91ciJ9LCJkbWJveDIiOnsiVGV4dCI6IkxpdnJhaXNvblxuZ3JhdHVpdGUifSwiZG1idWxsZXQxIjp7[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_new_welcome_experience.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiRlIiLCJpc1dlbGNvbWVFeHBl[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.11.4.2", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6%B2%A8%F9%FA%E[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQi[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.11.5.1", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6%B2%A8%F9%FA%E[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.11.5.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQi[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.12.0.5", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%EF%F4%FA%EB%F8%FC%E7%F2%A8%C0%B8%BA%B6%B2%A8%F9%FA%E[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMF8wIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1bHQi[...]
Ligne Trouvée : user_pref("CT2851639.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Ligne Trouvée : user_pref("CT2851639.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Ligne Trouvée : user_pref("CT2851639.mam_gk_stamp.enc", "ODRfMA==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_userId", "%B9%B8%EC%B7%B8%BB%E9%BE%B3%EC%BC%EB%B8%B3%BA%EA%BB%E9%B3%BF%BD%B8%BF%B3%E8%E7%B7%E8%BE%E7%E7%EB%B9%E8%E7%EA");
Ligne Trouvée : user_pref("CT2851639.mam_gk_userId.enc", "MzJmMTI1YzgtZjZlMi00ZDVjLTk3MjktYmExYjhhYWUzYmFk");
Ligne Trouvée : user_pref("CT2851639.mam_gk_user_approval_interacted", "%B7");
Ligne Trouvée : user_pref("CT2851639.mam_gk_user_approval_interacted.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.mam_gk_welcomeDialogMode", "%B7");
Ligne Trouvée : user_pref("CT2851639.mam_gk_welcomeDialogMode.enc", "MQ==");
Ligne Trouvée : user_pref("CT2851639.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.fr.adp.com%2Fadp-actualites-evenements%2Fnouveau-bulletin-paie-explique-2014\",\"EB_MAIN[...]
Ligne Trouvée : user_pref("CT2851639.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.openThankYouPage", "true");
Ligne Trouvée : user_pref("CT2851639.openUninstallPage", "false");
Ligne Trouvée : user_pref("CT2851639.price-gong.isManagedApp", "true");
Ligne Trouvée : user_pref("CT2851639.revertSettingsEnabled", "FALSE");
Ligne Trouvée : user_pref("CT2851639.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Ligne Trouvée : user_pref("CT2851639.search.searchAppId", "129351529700743801");
Ligne Trouvée : user_pref("CT2851639.search.searchCount", "2");
Ligne Trouvée : user_pref("CT2851639.searchInNewTabEnabledByUser", "false");
Ligne Trouvée : user_pref("CT2851639.searchInNewTabEnabledInHidden", "true");
Ligne Trouvée : user_pref("CT2851639.searchRevert", "FALSE");
Ligne Trouvée : user_pref("CT2851639.searchSuggestEnabledByUser", "false");
Ligne Trouvée : user_pref("CT2851639.searchUserMode", "1");
Ligne Trouvée : user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Ligne Trouvée : user_pref("CT2851639.selectToSearchBoxEnabledByUser", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.sendUsageEnabled", "false");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851639\"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarFR.OurToolbar.com//xpi\"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_FR \"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_Configuration_lastUpdate", "1392056306799");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1391777358542");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_appsMetadata_lastUpdate", "1392056306502");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1392055738869");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1381052406115");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1381052407341");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_login_10.20.0.13_lastUpdate", "1381159431303");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386258735256");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_login_10.22.3.518_lastUpdate", "1387470189015");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_login_10.23.0.822_lastUpdate", "1392122814896");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1392055738901");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1392056306833");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1392056306482");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_toolbarContextMenu_lastUpdate", "1392056306870");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1392123858947");
Ligne Trouvée : user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1392056307155");
Ligne Trouvée : user_pref("CT2851639.settingsINI", true);
Ligne Trouvée : user_pref("CT2851639.shouldFirstTimeDialog", "false");
Ligne Trouvée : user_pref("CT2851639.showToolbarPermission", "false");
Ligne Trouvée : user_pref("CT2851639.smartbar.CTID", "CT2851639");
Ligne Trouvée : user_pref("CT2851639.smartbar.Uninstall", "0");
Ligne Trouvée : user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR ");
Ligne Trouvée : user_pref("CT2851639.startPage", "false");
Ligne Trouvée : user_pref("CT2851639.toolbarBornServerTime", "6-10-2013");
Ligne Trouvée : user_pref("CT2851639.toolbarCurrentServerTime", "11-2-2014");
Ligne Trouvée : user_pref("CT2851639.toolbarDisabled", "true");
Ligne Trouvée : user_pref("CT2851639.toolbarLoginClientTime", "Sun Oct 06 2013 11:40:07 GMT+0200");
Ligne Trouvée : user_pref("CT2851639.uTTorrents.enc", "eyJidWlsZCI6MzAzMDMsInRvcnJlbnRzIjpbWyIwMTQwOUQ3RUY2NjhFOTA3MDM4NjFGN0YxQjUzOEM1MDkxRUE0MTM3IiwxMzYsIk1pbmVjcmFmdCBbTVVMVEldW1hCT1gzNjBdW1JlZ2lvbiBGcmVlXVtYREcyX[...]
Ligne Trouvée : user_pref("CT2851639.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%FA%FB%F3%E8%F2%F8%B4%E9%F5%F3%B5%FA%E7%ED%ED%EB%EA%B5%EF%FA%B3%FD%E7%F9%F4%AB%B8%BD%FA%B3%FB%F4%FA%EF%F2%B3%EF%B3%EC%F5%F2%F2%F5%FD%EB%EA%[...]
Ligne Trouvée : user_pref("CT2851639.url_history0001.enc", "aHR0cDovL3R1bWJsci5jb20vdGFnZ2VkL2l0LXdhc24lMjd0LXVudGlsLWktZm9sbG93ZWQtZmFuZG9tLWJsb2dzLXRoYXQtaS13YXMtc3R1Y2staGVyZTo6OmNsaWNraGFuZGxlcjo6OjEzODczODk4NTA4[...]
Ligne Trouvée : user_pref("CT2851639.versionFromInstaller", "10.20.0.13");
Ligne Trouvée : user_pref("CT2851639.xpeMode", "0");
Ligne Trouvée : user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1392121100798,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Ligne Trouvée : user_pref("extensions.delta.admin", false);
Ligne Trouvée : user_pref("extensions.delta.aflt", "babsst");
Ligne Trouvée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Ligne Trouvée : user_pref("extensions.delta.autoRvrt", "false");
Ligne Trouvée : user_pref("extensions.delta.dfltLng", "fr");
Ligne Trouvée : user_pref("extensions.delta.excTlbr", false);
Ligne Trouvée : user_pref("extensions.delta.ffxUnstlRst", true);
Ligne Trouvée : user_pref("extensions.delta.id", "721390b700000000000012b7c3b4eebf");
Ligne Trouvée : user_pref("extensions.delta.instlDay", "15984");
Ligne Trouvée : user_pref("extensions.delta.instlRef", "sst");
Ligne Trouvée : user_pref("extensions.delta.newTab", false);
Ligne Trouvée : user_pref("extensions.delta.prdct", "delta");
Ligne Trouvée : user_pref("extensions.delta.prtnrId", "delta");
Ligne Trouvée : user_pref("extensions.delta.rvrt", "false");
Ligne Trouvée : user_pref("extensions.delta.smplGrp", "none");
Ligne Trouvée : user_pref("extensions.delta.tlbrId", "base");
Ligne Trouvée : user_pref("extensions.delta.tlbrSrchUrl", "");
Ligne Trouvée : user_pref("extensions.delta.vrsn", "1.8.24.6");
Ligne Trouvée : user_pref("extensions.delta.vrsnTs", "1.8.24.611:28:28");
Ligne Trouvée : user_pref("extensions.delta.vrsni", "1.8.24.6");
Ligne Trouvée : user_pref("extensions.delta_i.babExt", "");
Ligne Trouvée : user_pref("extensions.delta_i.babTrack", "affID=121442&tsp=5027");
Ligne Trouvée : user_pref("extensions.delta_i.srcExt", "ss");
Ligne Trouvée : user_pref("iminent.LayoutId", "1");
Ligne Trouvée : user_pref("iminent.version", "7.36.1.1");
Ligne Trouvée : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.36.1.1\",\"InstallEventCTime\":1381051766563,\"InstallEvent\":\"True\"}");
Ligne Trouvée : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Ligne Trouvée : user_pref("smartbar.machineId", "88Y89ZUNTEJR4SN2YBWIRVJ1X0MMZLSGUOPSXHTVTCUNAVELD5JYUVEMPQCOX4A70NO7VPPWYXW+0R8SXAGATW");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B+7EBE3G=;D9N9=D.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B+7EBx305.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B+7ECx305.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B+7EDx305.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B+7Etx305.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-0?3G>D", "6D3D6D6F70733F757A4774734A207B7E4D7B25215124502A515258222729262B2B295B33");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-0?3G>D.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-0?3G@6:5;", "");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-0?3G@6:5;.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-0?3GFA7EF", "2B2E2C3D");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-0?3GFA7EF.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E6857705A6C60606B6668563F73796F697861");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B-3=3ECCJA=F>.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B3=>@44I48?.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B5BA==9CJAG", "6B6A4072407140417A7548737B48787C4D7E505123");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B5BA==9CJAG.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B6B11G4C56B>F;P;ANR@P", "6E6D687072736F706E78707574");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B9643G3/9E", "6A");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B9643G3/9E.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B;45>:BI9I7IE", "2B2E2C3D");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B;45>:BI9I7IE.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B<:222H64<", "393F352F3E");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B<:222H64<.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B<:222H64<L8DAJ", "6D70706F76737379766F2A7972727B79757C21");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B<:222H64<L8DAJ.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B=+03EH8H8J?:", "4443");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B=+03EH8H8J?:.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B?+E2A52D8.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9B?B0D:8AJ62<H", "6D");
Ligne Trouvée : user_pref("valueApps.CT2851639./9B?B0D:8AJ62<H.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639./9BA@0<0BI6A7GN:6@L?", "6C");
Ligne Trouvée : user_pref("valueApps.CT2851639./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.PG_ENABLE", "74727565");
Ligne Trouvée : user_pref("valueApps.CT2851639.PG_ENABLE.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.SF_JUST_INSTALLED", "46414C5345");
Ligne Trouvée : user_pref("valueApps.CT2851639.SF_JUST_INSTALLED.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.SF_STATUS", "454E41424C4544");
Ligne Trouvée : user_pref("valueApps.CT2851639.SF_STATUS.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.SF_USER_ID", "6369645F3137313230313431373734323735303234");
Ligne Trouvée : user_pref("valueApps.CT2851639.SF_USER_ID.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639._key_cl_active", "31623133663634652D313434392D343735662D383736352D303838663761626235333961");
Ligne Trouvée : user_pref("valueApps.CT2851639._key_cl_active.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.cb_experience_000", "31363138");
Ligne Trouvée : user_pref("valueApps.CT2851639.cb_experience_000.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.cb_firstuse0100", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.cb_firstuse0100.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.cb_user_id_000", "43423336313433353239313233395F313338373635303830383538305F46697265666F78");
Ligne Trouvée : user_pref("valueApps.CT2851639.cb_user_id_000.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.cbfirsttime", "5468752044656320313920323031332032303A32353A333620474D542B30313030");
Ligne Trouvée : user_pref("valueApps.CT2851639.cbfirsttime.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appStateReportTime", "31333932313038343137353836");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appStateReportTime.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_Clarity_Active", "6F6E");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_Clarity_Active.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_CouponBuddy", "6F6E");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_CouponBuddy.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_Easytobook", "6F6E");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_Easytobook.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_Easytobook_targeted", "6F6E");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_Easytobook_targeted.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_PriceGong", "6F6E");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_PriceGong.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_WindowShopper", "6F6666");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appState_WindowShopper.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appsConfig.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appsDefaultEnabled", "6E756C6C");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_appsDefaultEnabled.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_calledSetupService", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_calledSetupService.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_currentBadgeValue", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_currentBadgeValue.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_currentVersion", "312E31332E302E3137");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_currentVersion.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_eventsCache.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_existingUsersRecoveryDone", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_existingUsersRecoveryDone.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_first_time", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_first_time.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_lastLoginTime", "31333932313038343137383831");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_lastLoginTime.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_lastSettingsOpen", "7B2273657474696E67735061676546756C6C55726C223A22687474703A2F2F6170702E6D616D2E636F6E647569742E636F6D2F6765746170702F73612F4354323835313633392F[...]
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_lastSettingsOpen.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_localization.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_migrated_from_ls", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_migrated_from_ls.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_newApps", "5B5D");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_newApps.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_new_welcome_experience", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_new_welcome_experience.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_settings1.12.0.5.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_settings1.13.0.17.storedInFile", true);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_showWelcomeGadget", "66616C7365");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_showWelcomeGadget.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_stamp", "38345F30");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_stamp.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_userBornDate", "4E2F41");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_userBornDate.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_userId", "35653265663337662D376333642D343937382D613833382D376362363436316330343737");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_userId.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_user_approval_interacted", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_user_approval_interacted.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_welcomeDialogMode", "31");
Ligne Trouvée : user_pref("valueApps.CT2851639.mam_gk_welcomeDialogMode.storedInFile", false);
Ligne Trouvée : user_pref("valueApps.CT2851639.url_history0001", "687474703A2F2F7765686561727469742E636F6D2F6C6F67696E3A3A3A636C69636B68616E646C65723A3A3A313338373632393037313932392C2C2C687474703A2F2F7765686561727469[...]
Ligne Trouvée : user_pref("valueApps.CT2851639.url_history0001.storedInFile", true);

*************************

AdwCleaner[R0].txt - [51105 octets] - [24/03/2014 14:55:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [51166 octets] ##########
 



#9 Jo*

  • Malware Response Team

Posted 24 March 2014 - 09:13 AM

Hello davio6251

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 davio6251

  • Topic Starter

Posted 24 March 2014 - 10:35 AM

 
What should I do with AdwCleaner?
 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.24.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Utilisateur51 :: UTILISATEUR [limited]

24/03/2014 16:09:14
mbar-log-2014-03-24 (16-09-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 280058
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 



#11 Jo*

  • Malware Response Team

Posted 24 March 2014 - 11:30 AM

Hello davio6251,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Cheers,
Jo


#12 davio6251

  • Topic Starter

Posted 24 March 2014 - 12:11 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by Utilisateur51 on 24/03/2014 at 18:02:40,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2019195115-1192297090-2364401295-1002\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Utilisateur51\AppData\Roaming\hotspot shield"
Successfully deleted: [Folder] "C:\Users\Utilisateur51\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Utilisateur51\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Utilisateur51\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/03/2014 at 18:06:33,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 davio6251

  • Topic Starter

Posted 24 March 2014 - 12:25 PM

On the other hand, my VPN Hotspot Shield no longer works?

 

OTL logfile created on: 24/03/2014 18:13:25 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Utilisateur51\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16843)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,89 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 55,79% Memory free
7,89 Gb Paging File | 6,05 Gb Available in Paging File | 76,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,74 Gb Total Space | 747,08 Gb Free Space | 82,48% Space Free | Partition Type: NTFS
 
Computer Name: UTILISATEUR | User Name: Utilisateur51 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/24 11:54:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utilisateur51\Downloads\OTL.exe
PRC - [2014/03/11 18:49:24 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/02/15 09:39:07 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/21 15:54:18 | 000,699,912 | ---- | M] (Orange SA) -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/12 15:40:04 | 013,494,592 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe
PRC - [2013/12/12 15:40:02 | 000,149,824 | ---- | M] (Orange) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
PRC - [2013/10/17 08:38:52 | 001,970,544 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
PRC - [2012/09/18 09:48:58 | 002,791,544 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2012/09/05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/09/05 08:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/09/05 08:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/08/22 01:21:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/15 12:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/08/10 09:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/08/06 11:17:44 | 001,313,384 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe
PRC - [2012/07/17 09:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 09:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 09:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 04:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/11 18:49:22 | 016,276,872 | ---- | M] () -- C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/15 09:38:51 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/01/17 12:32:46 | 004,791,656 | ---- | M] () -- c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013/12/12 15:39:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\Tools.dll
MOD - [2013/12/12 15:39:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\jetrt\baseline720.dll
MOD - [2013/12/12 15:39:40 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetworkAPI.dll
MOD - [2013/12/12 15:39:40 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\zip.dll
MOD - [2013/12/12 15:39:40 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\NetWPSAPI.dll
MOD - [2013/12/12 15:39:38 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\java.dll
MOD - [2013/12/12 15:39:38 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\rt\bin\jetvm\jvm.dll
MOD - [2012/09/05 08:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/09/05 08:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/09/05 08:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/09/05 08:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/09/05 08:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/07/26 04:19:14 | 000,364,544 | ---- | M] () -- C:\windows\SysWOW64\msjetoledb40.dll
MOD - [2012/06/08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 03:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/04 07:50:54 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uTVMUIEngine.dll
MOD - [2007/04/19 01:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uPiApi.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/01 04:16:08 | 002,169,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/01/23 16:09:18 | 000,702,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/10/25 08:34:55 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/16 06:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/24 23:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/05/17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2012/04/20 06:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/03/11 18:49:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 09:39:05 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/21 15:54:18 | 000,699,912 | ---- | M] (Orange SA) [Auto | Running] -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/17 08:38:52 | 001,970,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe -- (Dedicarz Service)
SRV - [2012/09/20 09:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/05 08:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/08/22 01:21:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/11 02:47:32 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/10 10:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/10 09:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 09:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 09:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 09:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/12/17 22:11:50 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/10/25 08:34:52 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/24 23:34:32 | 000,248,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/16 02:44:40 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/10/10 12:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 07:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 03:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/16 06:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 07:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\windows\SysNative\Drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/07/17 17:10:52 | 000,138,232 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/07/17 17:09:40 | 000,107,080 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013/07/17 17:09:40 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/07/09 09:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 02:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 02:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 07:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/25 19:02:40 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/11 02:47:23 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/11 02:47:15 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/08/10 10:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 10:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 10:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 10:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 10:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 10:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 10:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 10:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/31 13:23:06 | 000,778,240 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\dvb7700all.sys -- (DVB7700ALL)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 00:44:02 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/07/02 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 02:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/12 13:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/02/11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\Drivers\npf.sys -- (npf)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5B52640F-0735-4913-8491-D5249CF6BBC0}
IE:64bit: - HKLM\..\SearchScopes\{5B52640F-0735-4913-8491-D5249CF6BBC0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5B52640F-0735-4913-8491-D5249CF6BBC0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:/ProgramData/Hotspot Shield/config/hsspx/proxy.pac
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: e-webprint%40epson.com:1.19.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/02/26 18:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/05 16:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\Extensions
[2014/03/24 18:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\Firefox\Profiles\4273htib.default\extensions
[2014/03/09 10:03:49 | 000,013,447 | ---- | M] () (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\extensions\ipbleep@p4ul.info.xpi
[2014/02/26 19:05:39 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Utilisateur51\AppData\Roaming\mozilla\firefox\profiles\4273htib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/15 09:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 09:39:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 09:38:36 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com
[2014/02/26 18:39:22 | 000,000,000 | ---D | M] (E-Web Print) -- C:\PROGRAM FILES (X86)\EPSON SOFTWARE\E-WEB PRINT\FIREFOX ADD-ON
 
O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-312 313 315 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-312 313 315 Series" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Utilisateur51\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{140ED540-5028-4C69-A952-FBD2AF60BC03}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C43B350-5AF5-40C9-A269-662E8D1AC349}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/24 18:02:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/03/24 17:52:46 | 000,000,000 | R--D | C] -- C:\Users\Utilisateur51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/03/24 14:55:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/24 14:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/24 14:27:58 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/24 14:26:54 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/03/24 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\Desktop\mbar
[2014/03/23 10:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2014/03/23 10:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/22 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\Documents\ProcAlyzer Dumps
[2014/03/22 09:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/03/22 09:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/03/20 17:57:10 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\AppData\Roaming\LavasoftStatistics
[2014/03/20 17:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2014/03/20 16:50:47 | 002,084,072 | ---- | C] (Bitdefender) -- C:\windows\SysNative\bdnc.dll
[2014/03/20 16:50:44 | 001,061,776 | ---- | C] (BitDefender S.R.L.) -- C:\windows\SysNative\bdsmtpp.dll
[2014/03/20 16:50:44 | 000,209,984 | ---- | C] (BitDefender) -- C:\windows\SysNative\BdFirewallSDK.dll
[2014/03/20 16:50:44 | 000,195,016 | ---- | C] (BitDefender) -- C:\windows\SysNative\httproxy.dll
[2014/03/20 16:50:44 | 000,155,912 | ---- | C] (BitDefender S.R.L.) -- C:\windows\SysNative\bdpop3p.dll
[2014/03/20 16:50:44 | 000,122,928 | ---- | C] (BitDefender) -- C:\windows\SysNative\OEMbdpredir.dll
[2014/03/20 16:50:44 | 000,096,160 | ---- | C] (BitDefender) -- C:\windows\SysNative\bdpredir.dll
[2014/03/20 16:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2014/03/20 16:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/03/20 16:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2014/03/20 16:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2014/03/20 16:39:48 | 000,000,000 | ---D | C] -- C:\Users\Utilisateur51\AppData\Roaming\Lavasoft
[2014/03/20 16:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/03/20 16:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/03/19 13:05:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glorylogic
[2014/03/11 20:45:44 | 000,248,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys
[2014/03/11 20:45:43 | 000,035,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys
[2014/03/11 20:45:17 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014/03/11 20:45:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/03/11 20:45:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/03/11 20:45:16 | 003,960,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/03/11 20:45:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/03/11 20:45:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/03/11 20:45:16 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/03/11 20:45:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/03/11 20:45:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/03/11 20:45:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/03/11 20:45:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/03/11 20:45:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/03/11 20:45:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014/03/11 20:45:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014/03/11 20:45:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/03/11 20:45:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/03/11 20:44:47 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2014/03/11 20:44:47 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2014/03/11 20:44:45 | 001,628,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2014/03/09 10:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/09 10:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/03/09 10:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/09 10:32:57 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/03/09 10:32:47 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/03/09 10:32:47 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/03/09 10:32:47 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/09 10:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/09 10:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/26 18:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2014/02/26 18:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/02/26 18:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2014/02/26 18:02:06 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\ensppmon.dll
[2014/02/26 18:02:06 | 000,558,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enppmon.dll
[2014/02/26 18:02:06 | 000,535,552 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\ensppui.dll
[2014/02/26 18:02:06 | 000,535,552 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enppui.dll
[2014/02/26 18:02:06 | 000,219,648 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enspres.dll
[2014/02/26 18:02:06 | 000,219,648 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\enpres.dll
[2014/02/26 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2014/02/26 17:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[2014/02/26 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[2014/02/26 17:44:15 | 000,466,432 | ---- | C] (Seiko Epson Corporation) -- C:\windows\SysNative\esxw2ud.dll
[2014/02/26 17:44:15 | 000,144,560 | ---- | C] (Seiko Epson Corporation) -- C:\windows\SysNative\escsvc64.exe
[2014/02/26 17:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2014/02/26 17:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2014/02/26 17:41:18 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\SysNative\E_GCINST.DLL
[2014/02/26 17:41:15 | 000,179,712 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\E_ILMBLFE.DLL
[2014/02/26 17:41:15 | 000,083,968 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysNative\E_ID4BLFE.DLL
[2014/02/26 17:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Epson
[2012/10/23 00:18:45 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/24 17:53:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/03/24 17:53:15 | 000,002,309 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/03/24 17:53:06 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/24 17:53:05 | 000,000,943 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/03/24 17:53:05 | 000,000,757 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/03/24 17:51:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/24 17:51:48 | 3339,714,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/24 17:49:00 | 000,001,002 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/03/24 17:44:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/24 17:25:00 | 000,000,943 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/03/24 17:25:00 | 000,000,757 | ---- | M] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/03/24 16:09:09 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/24 16:08:11 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/03/24 11:59:21 | 001,793,362 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/03/24 11:59:21 | 000,799,736 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
[2014/03/24 11:59:21 | 000,710,046 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/03/24 11:59:21 | 000,155,444 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
[2014/03/24 11:59:21 | 000,132,416 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/03/24 11:41:36 | 000,987,448 | ---- | M] () -- C:\Users\Utilisateur51\Desktop\SecurityCheck.exe
[2014/03/24 11:22:31 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2014/03/18 20:40:55 | 526,641,454 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/03/15 17:47:02 | 000,316,288 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/09 10:32:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/09 10:32:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/03/09 10:32:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/03/09 10:32:21 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/03/04 23:52:34 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/03/04 23:52:34 | 000,078,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/26 18:39:02 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2014/02/26 17:44:37 | 000,000,123 | ---- | M] () -- C:\Users\Public\Desktop\Epson Connect Site.url
[2014/02/26 17:44:36 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Manuels EPSON.lnk
[2014/02/26 17:44:15 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2014/02/23 09:13:59 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/02/23 09:13:31 | 000,915,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2014/02/23 09:13:31 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll
[2014/02/23 09:12:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/02/23 09:12:24 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/02/23 09:11:59 | 003,960,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/02/23 09:11:59 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2014/02/23 09:11:52 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2014/02/23 09:11:52 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/02/23 09:11:51 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/02/23 07:54:37 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll
[2014/02/23 07:53:40 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/02/23 07:53:21 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2014/02/23 07:53:18 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2014/02/23 07:53:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/02/23 07:53:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
 
========== Files Created - No Company Name ==========
 
[2014/03/24 11:41:29 | 000,987,448 | ---- | C] () -- C:\Users\Utilisateur51\Desktop\SecurityCheck.exe
[2014/03/24 11:22:15 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2014/03/20 16:50:44 | 000,156,936 | ---- | C] () -- C:\windows\SysNative\bdfwcore.dll
[2014/03/20 16:49:57 | 000,002,309 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/03/15 17:46:48 | 000,316,288 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/02/26 18:53:20 | 000,000,757 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/02/26 18:53:18 | 000,000,943 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {D473AEE9-5704-49EC-A769-89DC5DB4931D}.job
[2014/02/26 18:39:02 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2014/02/26 18:25:40 | 000,000,757 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Invitation {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/02/26 18:25:24 | 000,000,943 | ---- | C] () -- C:\windows\tasks\EPSON XP-312 313 315 Series Update {AC8EC0D2-B5C8-42D4-9FBF-11B1A8496AA3}.job
[2014/02/26 17:44:37 | 000,000,123 | ---- | C] () -- C:\Users\Public\Desktop\Epson Connect Site.url
[2014/02/26 17:44:36 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Manuels EPSON.lnk
[2014/02/26 17:44:15 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/10/05 12:34:40 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/10/23 00:18:45 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2012/08/03 02:35:04 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/03 02:35:04 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/08/03 02:34:34 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/03 02:34:28 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/08/03 02:34:28 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 05:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/10/06 10:34:24 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\windows\SysNative\shell32.dll -- [2013/12/07 07:36:58 | 019,751,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/07 06:15:36 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 



#14 Jo*

  • Malware Response Team

Posted 24 March 2014 - 02:01 PM

Hello davio6251,
 

by against my vpn hotspot shield no longer works?

Our tools deleted this as adware.
You can re-install it.

1. Java
Find here instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
 

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.



***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***



How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

  • Malware Response Team

Posted 26 March 2014 - 02:24 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.


Cheers,
Jo




