Hello,
I have had problems for a few weeks with malware such as searchult.com. I've been trying every single solution and software shown on Google but still... my explorers are still infected. I've finally found a tool called OTL by OldTimer, which seems to go deeper, but as I'm not an expert I don't want to mess anything up. Could someone who actually knows about it help me spot my troubles in the report?
OTL logfile created on: 04/05/2015 03:08:20 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fabien\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
7.98 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 68.16% Memory free
15.96 Gb Paging File | 13.02 Gb Available in Paging File | 81.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 565.21 Gb Free Space | 40.45% Space Free | Partition Type: NTFS
Computer Name: FABIEN-PC | User Name: Fabien | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Fabien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Archivos de programa\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Archivos de programa\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\11a24c8e5dd833c8de63c6a7ec19ca89\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\f2637acce0919a29bdf53912a359dbf2\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a596d0525d78281d86abce9c2e6105b5\System.IdentityModel.ni.dll ()
MOD - C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (HitmanProScheduler) -- C:\Archivos de programa\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MaConfigAgent) -- C:\Archivos de programa\ma-config.com\MaConfigAgent.exe (CybelSoft)
SRV - (ss_conn_service) -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (DEVGURU Co., LTD.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service 64) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Archivos de programa\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Intel® -- C:\Archivos de programa\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV - (Intel® -- C:\Archivos de programa\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (LBTServ) -- C:\Archivos de programa\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (RichVideo64) -- C:\Archivos de programa\CyberLink\Shared files\RichVideo64.exe ()
SRV - (SQLWriter) -- C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.) -- C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ma-config_amd64) -- C:\Archivos de programa\ma-config.com\Drivers\ma-config_amd64.sys (CybelSoft)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = www.google.com
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.co...?q={searchTerms}
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "AR"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Diccionario RAE,DuckDuckGo,eBay,Twitter,Wikipedia (es)"
FF - prefs.js..browser.search.region: "AR"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/03/25 12:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/04/16 14:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2015/03/02 18:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabien\AppData\Roaming\mozilla\Extensions
[2015/05/03 19:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabien\AppData\Roaming\mozilla\Firefox\Profiles\iqag84gg.default-1430635995401\extensions
[2015/05/03 00:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015/05/03 00:46:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/03/31 10:23:10 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
O1 HOSTS File: ([2015/05/03 19:15:57 | 000,001,380 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 serials.wilcopub.com
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Archivos de programa\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Archivos de programa\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Archivos de programa\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CDAServer] C:\Archivos de programa\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2044533905-598165211-2142930410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.210 200.49.130.47
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B16E242D-44D4-44A4-AC74-FABCFC6C9F85}: DhcpNameServer = 200.42.4.210 200.49.130.47
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Archivos de programa\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/04/21 14:28:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{67a26788-be89-11e3-829e-74f06dde6650}\Shell - "" = AutoRun
O33 - MountPoints2\{67a26788-be89-11e3-829e-74f06dde6650}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/05/04 14:27:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fabien\Desktop\OTL.exe
[2015/05/03 19:08:58 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\ZHP
[2015/05/03 19:04:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/05/03 18:44:06 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2015/05/03 18:44:06 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\Temp
[2015/05/03 12:20:30 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015/05/03 12:20:21 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\zoek
[2015/05/03 02:48:49 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Datos antiguos de Firefox
[2015/05/03 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2015/05/03 02:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/05/03 02:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/05/03 02:17:49 | 011,028,616 | ---- | C] (SurfRight B.V.) -- C:\Users\Fabien\Desktop\HitmanPro_x64.exe
[2015/05/03 02:12:20 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/05/03 02:01:27 | 002,716,306 | ---- | C] (Thisisu) -- C:\Users\Fabien\Desktop\JRT.exe
[2015/05/03 01:02:33 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/05/03 01:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/05/03 01:02:21 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/05/03 01:02:21 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/05/03 01:02:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/05/03 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/05/03 00:46:23 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\Mozilla
[2015/05/02 21:54:10 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2015/05/02 21:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2015/05/02 19:59:15 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Mactowebise
[2015/05/02 18:36:53 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\UIAutomationCore
[2015/05/01 18:52:08 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Licitacion
[2015/04/30 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\brochure-folders-free-by-designshock
[2015/04/23 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Cairo2011_High1.0
[2015/04/22 17:14:32 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Orbx systems
[2015/04/22 17:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbx
[2015/04/22 17:07:08 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\Orbx
[2015/04/22 17:01:17 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\FTXORBXLIBS_150331
[2015/04/22 15:16:30 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Documents\Abrosoft FantaMorph
[2015/04/22 15:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abrosoft FantaMorph 5
[2015/04/22 15:16:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abrosoft
[2015/04/22 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\morph
[2015/04/21 18:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FSGRW
[2015/04/21 18:28:12 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Desktop\Dans EZCA Cameras
[2015/04/21 15:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/04/21 15:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/04/21 15:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/04/21 14:27:40 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Start Menu
[2015/04/21 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2015/04/21 09:17:08 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Bitdefender
[2015/04/21 09:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2015/04/21 09:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2015/04/21 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2015/04/21 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2015/04/20 21:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2015/04/20 21:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SchDownload
[2015/04/19 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FsxAdventures KLM Missions v1.00
[2015/04/16 14:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/04/16 14:41:04 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\TA_Software
[2015/04/16 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\GMap.NET
[2015/04/16 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Fabien\AppData\Local\IsolatedStorage
[2015/04/16 14:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plan-G v3.1.2
[2015/04/16 14:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plan-G v3.1.2
[2015/04/16 14:07:48 | 000,000,000 | ---D | C] -- C:\Users\Fabien\Documents\Plan-G Files
[2015/04/15 14:48:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\X86
[2015/04/15 14:48:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AMD64
[2015/04/14 23:05:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/04/14 23:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/04/14 23:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/04/06 21:10:36 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015/04/06 21:10:36 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015/04/06 09:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/04/06 14:35:27 | 001,367,776 | ---- | C] (VIRTUALI s.a.s.) -- C:\Users\Fabien\komu
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/05/04 15:03:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/05/04 15:02:37 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/05/04 14:44:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/05/04 14:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabien\Desktop\OTL.exe
[2015/05/04 14:27:55 | 000,001,946 | ---- | M] () -- C:\Users\Fabien\Desktop\Google Chrome.lnk
[2015/05/04 14:10:16 | 000,031,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/05/04 14:10:16 | 000,031,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/05/04 14:02:35 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/05/04 14:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/05/04 14:02:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2015/05/04 14:01:58 | 2133,065,727 | -HS- | M] () -- C:\hiberfil.sys
[2015/05/03 19:15:57 | 000,001,380 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/05/03 19:08:58 | 000,000,832 | ---- | M] () -- C:\Users\Fabien\Desktop\ZHPCleaner.lnk
[2015/05/03 17:57:31 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015/05/03 12:29:53 | 001,305,600 | ---- | M] () -- C:\Users\Fabien\Desktop\zoek.exe
[2015/05/03 12:20:07 | 004,170,178 | ---- | M] () -- C:\Users\Fabien\Desktop\zoek.zip
[2015/05/03 02:40:43 | 000,004,260 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2015/05/03 02:34:52 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2015/05/03 02:20:51 | 011,028,616 | ---- | M] (SurfRight B.V.) -- C:\Users\Fabien\Desktop\HitmanPro_x64.exe
[2015/05/03 02:12:31 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-FABIEN-PC-Windows-7-Professional-(64-bit).dat
[2015/05/03 02:01:30 | 002,716,306 | ---- | M] (Thisisu) -- C:\Users\Fabien\Desktop\JRT.exe
[2015/05/03 02:00:47 | 002,204,160 | ---- | M] () -- C:\Users\Fabien\Desktop\adwcleaner_4.203.exe
[2015/05/03 01:02:23 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/05/02 19:54:34 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/05/02 18:35:33 | 000,079,581 | ---- | M] () -- C:\Users\Fabien\Desktop\UIAutomationCore.zip
[2015/05/02 18:17:40 | 000,005,820 | ---- | M] () -- C:\Users\Fabien\Documents\a321 qatar.ecs
[2015/05/01 19:13:36 | 000,232,815 | ---- | M] () -- C:\Users\Fabien\Documents\Sobre.pdf
[2015/05/01 18:25:18 | 000,683,834 | ---- | M] () -- C:\Users\Fabien\Desktop\final.pdf
[2015/04/30 21:05:38 | 001,167,945 | ---- | M] () -- C:\Users\Fabien\Desktop\cook_kitchen_restaurant_chef_gourmet_food_clean_cook_white.jpg
[2015/04/30 20:34:31 | 000,124,196 | ---- | M] () -- C:\Users\Fabien\Desktop\cafe_broglie_strasbourg.jpg
[2015/04/30 20:23:20 | 000,069,166 | ---- | M] () -- C:\Users\Fabien\Desktop\18.jpg
[2015/04/30 19:22:22 | 000,155,511 | ---- | M] () -- C:\Users\Fabien\Desktop\fiat-fiorino-2014-01.jpg
[2015/04/30 19:13:45 | 001,101,085 | ---- | M] () -- C:\Users\Fabien\Desktop\Food-image-7.jpg
[2015/04/30 19:10:33 | 000,338,337 | ---- | M] () -- C:\Users\Fabien\Desktop\buffet-self-service-panela-de-minas-tiradentes-mg.jpg
[2015/04/30 17:57:55 | 000,063,813 | ---- | M] () -- C:\Users\Fabien\Desktop\22660647-cloche-icon-Stock-Vector-tray-platter-cloche.jpg
[2015/04/30 17:54:35 | 298,309,324 | ---- | M] () -- C:\Users\Fabien\Desktop\Stacked-Presentation-Folders-Mockup-PSD-Template.zip
[2015/04/30 17:26:30 | 103,936,580 | ---- | M] () -- C:\Users\Fabien\Desktop\brochure-folders-free-by-designshock.zip
[2015/04/29 19:44:35 | 006,630,827 | ---- | M] () -- C:\Users\Fabien\Desktop\hoy.cwd
[2015/04/29 18:44:41 | 000,001,659 | ---- | M] () -- C:\Users\Fabien\Desktop\YMML V2.0 User Guide.lnk
[2015/04/27 11:25:42 | 000,001,021 | ---- | M] () -- C:\Users\Fabien\Desktop\Dropbox.lnk
[2015/04/23 15:23:47 | 042,100,059 | ---- | M] () -- C:\Users\Fabien\Desktop\Cairo2011_High1.0.zip
[2015/04/22 17:07:17 | 000,001,181 | ---- | M] () -- C:\Users\Fabien\Desktop\FTX Central 2 (FSX - FTX Global).lnk
[2015/04/21 18:43:31 | 000,002,512 | ---- | M] () -- C:\Users\Fabien\Desktop\FTX Vector Configurator (FSX).lnk
[2015/04/21 18:42:21 | 000,001,952 | ---- | M] () -- C:\Users\Fabien\Desktop\FS Global Real Weather.lnk
[2015/04/21 18:28:07 | 001,519,434 | ---- | M] () -- C:\Users\Fabien\Desktop\Dans EZCA Cameras.zip
[2015/04/21 14:28:09 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/04/21 09:19:38 | 000,533,238 | ---- | M] () -- C:\ProgramData\1429618186.bdinstall.bin
[2015/04/21 09:17:48 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2015/04/21 09:17:48 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2015/04/21 09:17:48 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2015/04/20 20:06:50 | 000,001,620 | ---- | M] () -- C:\Users\Fabien\Desktop\FS Global Homepage.lnk
[2015/04/19 12:21:05 | 001,905,895 | ---- | M] () -- C:\Users\Fabien\Desktop\20150306_210149.jpg
[2015/04/16 14:08:10 | 000,000,105 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/04/14 23:07:00 | 001,653,774 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/04/14 23:07:00 | 000,748,388 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2015/04/14 23:07:00 | 000,654,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/14 23:07:00 | 000,159,358 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2015/04/14 23:07:00 | 000,122,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/14 23:06:52 | 001,653,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/14 16:49:22 | 001,010,244 | ---- | M] () -- C:\Users\Fabien\Desktop\20150414_163954.jpg
[2015/04/14 16:49:18 | 001,065,291 | ---- | M] () -- C:\Users\Fabien\Desktop\20150414_163951.jpg
[2015/04/14 09:37:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/04/14 09:37:46 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/04/14 09:37:42 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/05/04 13:57:13 | 000,001,946 | ---- | C] () -- C:\Users\Fabien\Desktop\Google Chrome.lnk
[2015/05/03 19:08:58 | 000,000,832 | ---- | C] () -- C:\Users\Fabien\Desktop\ZHPCleaner.lnk
[2015/05/03 18:44:07 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015/05/03 12:29:53 | 001,305,600 | ---- | C] () -- C:\Users\Fabien\Desktop\zoek.exe
[2015/05/03 12:20:07 | 004,170,178 | ---- | C] () -- C:\Users\Fabien\Desktop\zoek.zip
[2015/05/03 02:40:43 | 000,004,260 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/05/03 02:34:52 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2015/05/03 02:12:31 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-FABIEN-PC-Windows-7-Professional-(64-bit).dat
[2015/05/03 02:00:35 | 002,204,160 | ---- | C] () -- C:\Users\Fabien\Desktop\adwcleaner_4.203.exe
[2015/05/03 01:02:23 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/05/03 00:46:18 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/05/02 19:54:34 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/05/02 18:35:33 | 000,079,581 | ---- | C] () -- C:\Users\Fabien\Desktop\UIAutomationCore.zip
[2015/05/02 18:17:40 | 000,005,820 | ---- | C] () -- C:\Users\Fabien\Documents\a321 qatar.ecs
[2015/05/01 19:13:36 | 000,232,815 | ---- | C] () -- C:\Users\Fabien\Documents\Sobre.pdf
[2015/05/01 18:25:18 | 000,683,834 | ---- | C] () -- C:\Users\Fabien\Desktop\final.pdf
[2015/04/30 21:06:35 | 001,167,945 | ---- | C] () -- C:\Users\Fabien\Desktop\cook_kitchen_restaurant_chef_gourmet_food_clean_cook_white.jpg
[2015/04/30 20:34:51 | 000,124,196 | ---- | C] () -- C:\Users\Fabien\Desktop\cafe_broglie_strasbourg.jpg
[2015/04/30 20:24:52 | 000,069,166 | ---- | C] () -- C:\Users\Fabien\Desktop\18.jpg
[2015/04/30 19:22:39 | 000,155,511 | ---- | C] () -- C:\Users\Fabien\Desktop\fiat-fiorino-2014-01.jpg
[2015/04/30 19:13:50 | 001,101,085 | ---- | C] () -- C:\Users\Fabien\Desktop\Food-image-7.jpg
[2015/04/30 19:10:48 | 000,338,337 | ---- | C] () -- C:\Users\Fabien\Desktop\buffet-self-service-panela-de-minas-tiradentes-mg.jpg
[2015/04/30 17:58:11 | 000,063,813 | ---- | C] () -- C:\Users\Fabien\Desktop\22660647-cloche-icon-Stock-Vector-tray-platter-cloche.jpg
[2015/04/30 17:25:07 | 103,936,580 | ---- | C] () -- C:\Users\Fabien\Desktop\brochure-folders-free-by-designshock.zip
[2015/04/30 17:11:06 | 298,309,324 | ---- | C] () -- C:\Users\Fabien\Desktop\Stacked-Presentation-Folders-Mockup-PSD-Template.zip
[2015/04/29 18:44:41 | 000,001,659 | ---- | C] () -- C:\Users\Fabien\Desktop\YMML V2.0 User Guide.lnk
[2015/04/23 15:23:20 | 042,100,059 | ---- | C] () -- C:\Users\Fabien\Desktop\Cairo2011_High1.0.zip
[2015/04/22 17:13:51 | 006,630,827 | ---- | C] () -- C:\Users\Fabien\Desktop\hoy.cwd
[2015/04/22 17:07:17 | 000,001,181 | ---- | C] () -- C:\Users\Fabien\Desktop\FTX Central 2 (FSX - FTX Global).lnk
[2015/04/21 18:43:31 | 000,002,512 | ---- | C] () -- C:\Users\Fabien\Desktop\FTX Vector Configurator (FSX).lnk
[2015/04/21 18:42:20 | 000,001,952 | ---- | C] () -- C:\Users\Fabien\Desktop\FS Global Real Weather.lnk
[2015/04/21 18:28:07 | 001,519,434 | ---- | C] () -- C:\Users\Fabien\Desktop\Dans EZCA Cameras.zip
[2015/04/21 14:28:09 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015/04/21 09:19:38 | 000,533,238 | ---- | C] () -- C:\ProgramData\1429618186.bdinstall.bin
[2015/04/21 09:17:48 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2015/04/21 09:17:05 | 049,563,064 | -H-- | C] () -- C:\bdr-im01.gz
[2015/04/21 09:17:05 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2015/04/21 09:17:05 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2015/04/21 09:17:05 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2015/04/19 12:26:15 | 000,864,356 | ---- | C] () -- C:\Users\Fabien\Desktop\20131214_170114_8_bestshot.jpg
[2015/04/19 12:21:03 | 001,905,895 | ---- | C] () -- C:\Users\Fabien\Desktop\20150306_210149.jpg
[2015/04/16 14:08:10 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/04/14 16:47:50 | 001,065,291 | ---- | C] () -- C:\Users\Fabien\Desktop\20150414_163951.jpg
[2015/04/14 16:46:28 | 001,010,244 | ---- | C] () -- C:\Users\Fabien\Desktop\20150414_163954.jpg
[2015/03/27 11:23:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015/03/16 20:15:28 | 000,000,069 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2015/01/27 19:36:29 | 000,007,601 | ---- | C] () -- C:\Users\Fabien\AppData\Local\Resmon.ResmonCfg
[2015/01/24 20:37:26 | 000,000,218 | ---- | C] () -- C:\Users\Fabien\AppData\Local\recently-used.xbel
[2014/11/20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/09/12 03:40:26 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2014/07/18 09:08:45 | 000,004,608 | ---- | C] () -- C:\Users\Fabien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/30 19:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2014/04/30 19:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2014/04/30 19:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2014/04/30 19:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/04/30 19:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2014/04/15 13:41:42 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2014/04/08 18:04:32 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2014/03/26 12:14:26 | 000,000,030 | ---- | C] () -- C:\Program Files (x86)\settings.cfg
[2014/03/26 12:08:10 | 000,379,294 | ---- | C] () -- C:\Program Files (x86)\UnGEXUSACAN.exe
[2014/03/25 12:50:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/03/25 12:42:45 | 001,653,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/06 18:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/06 18:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 17:39:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/12/06 17:39:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/27 14:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 02:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 02:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/11/09 20:12:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
[2014/10/16 14:36:23 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\AMD
[2015/04/21 09:23:15 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Bitdefender
[2014/05/05 08:28:54 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Chief Architect Inc
[2015/04/22 16:10:02 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\DAEMON Tools Lite
[2015/05/02 20:56:42 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Dropbox
[2015/03/11 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\EZCA
[2015/03/08 19:04:36 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\FS2Crew2010
[2014/03/27 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\fscabincrew
[2015/02/09 19:10:05 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\HSAR
[2014/06/10 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\LASoftWorks
[2014/03/25 12:56:10 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Leadertech
[2014/03/27 15:24:53 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\library_dir
[2015/03/19 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Lockheed Martin
[2015/02/08 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\LogMate
[2015/05/02 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Mactowebise
[2015/02/04 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Notepad++
[2015/04/22 17:14:32 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Orbx systems
[2014/03/29 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\PMDG
[2014/03/25 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Python-Eggs
[2015/01/27 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Quest3D
[2015/03/10 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\RAASPRO
[2015/01/27 19:35:22 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Roaming
[2014/11/26 19:27:53 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Samsung
[2014/06/10 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\SendBlaster3
[2015/04/21 13:52:22 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Spotify
[2015/01/17 19:30:02 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Steam
[2015/03/27 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Subtitle Edit
[2014/10/23 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\TeamViewer
[2015/03/02 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Thunderbird
[2014/10/25 10:47:45 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\TS3Client
[2015/03/19 17:26:33 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\Virtuali
[2015/03/27 10:57:49 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\WinBatch
[2015/05/03 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\Fabien\AppData\Roaming\ZHP
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:74603393
< End of report >