Vous pensez être infecté, des pubs s'affichent quand vous naviguez sur internet ?
Perte de données, ralentissement système, virus USB ?
Réparez votre ordinateur gratuitement sur notre assistance en ligne.
  • Avatar du membre
#10824
OTL logfile created on: 10/09/2013 23:59:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrateur\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5,96 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 52,90% Memory free
11,92 Gb Paging File | 8,05 Gb Available in Paging File | 67,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,65 Gb Total Space | 324,07 Gb Free Space | 72,07% Space Free | Partition Type: NTFS
Drive F: | 3,90 Gb Total Space | 0,79 Gb Free Space | 20,16% Space Free | Partition Type: FAT32

Computer Name: USER-TOSH | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/09/09 14:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
PRC - [2013/09/02 21:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/30 03:41:32 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2013/07/13 04:47:29 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012/10/23 18:42:06 | 000,347,120 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
PRC - [2012/10/23 18:41:44 | 001,739,760 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere.exe
PRC - [2012/10/23 18:41:41 | 000,637,936 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
PRC - [2012/02/05 05:41:10 | 000,231,328 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
PRC - [2012/02/05 05:40:56 | 000,219,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
PRC - [2012/02/04 21:47:54 | 000,251,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
PRC - [2012/02/04 21:16:54 | 002,824,104 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2012/01/21 00:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/11/04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/08/08 21:43:00 | 000,690,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2011/08/08 21:36:00 | 000,087,960 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/03 23:18:00 | 000,742,800 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2010/11/21 04:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/09/07 00:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 21:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 21:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 21:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 21:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 21:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 21:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012/10/23 18:41:44 | 001,739,760 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere.exe
MOD - [2012/10/23 18:41:41 | 000,637,936 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
MOD - [2012/10/23 18:40:44 | 000,249,344 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgMobileBroadband7.dll
MOD - [2012/10/23 18:38:48 | 000,606,208 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgCore.dll
MOD - [2012/10/23 18:38:04 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\LiveBoxCM.dll
MOD - [2012/10/23 18:37:38 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgDriverInstall.dll
MOD - [2012/10/23 18:37:27 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WTGSMSPCClient.dll
MOD - [2012/10/23 18:37:18 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgBluetooth.dll
MOD - [2012/10/23 18:37:10 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgDetection.dll
MOD - [2012/10/23 18:36:57 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgWiFi.dll
MOD - [2012/10/23 18:36:46 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgDialup.dll
MOD - [2012/10/23 18:36:29 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgDatabase.dll
MOD - [2012/10/23 18:36:22 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgPorts.dll
MOD - [2012/10/23 18:36:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WtgUtil.dll
MOD - [2012/10/23 18:35:54 | 000,602,112 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\WTGXMLUtil.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2012/01/25 18:57:12 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosGatt.dll
MOD - [2011/11/10 08:48:48 | 001,105,920 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\NDISAPI.dll
MOD - [2007/02/27 19:44:00 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\libeay32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/01/20 12:27:28 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/16 07:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 23:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/26 02:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 21:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/10 01:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/12/16 16:44:44 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2013/08/30 03:41:32 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/23 18:42:06 | 000,347,120 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe -- (InternetEverywhere_Service)
SRV - [2012/10/11 16:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/21 00:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/11/04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/02 01:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/03/14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 04:22:17 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/08/30 04:22:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/08/30 04:22:17 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2013/08/30 04:22:16 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/08/30 04:22:16 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2013/04/30 09:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/04/15 10:50:30 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 02:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 02:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 02:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013/02/26 02:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2013/01/01 17:11:02 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2012/12/25 15:37:54 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2012/12/25 15:37:54 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012/12/25 15:37:54 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012/12/25 15:37:54 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012/12/25 15:37:54 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV:64bit: - [2012/12/25 15:37:54 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012/12/25 15:37:54 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012/11/30 17:35:28 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd)
DRV:64bit: - [2012/10/24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 16:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 16:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/29 20:39:02 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/30 22:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/01/20 12:53:32 | 010,731,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/20 11:34:36 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/17 01:20:38 | 001,082,472 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/01/05 21:42:32 | 000,021,096 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012/01/05 11:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 11:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 11:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/19 20:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/17 01:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/12/01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 09:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/17 20:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/24 05:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 22:27:06 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/03/18 23:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/29 19:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 18:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/08/30 18:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2010/04/26 19:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/21 08:07:26 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/08/20 07:02:06 | 000,130,816 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 19:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 00:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/17 20:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV - [2013/01/01 17:11:03 | 000,098,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2013/01/01 17:11:03 | 000,087,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2013/01/01 17:11:03 | 000,072,192 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2013/01/01 17:11:03 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2013/01/01 17:11:03 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2013/01/01 17:11:02 | 000,422,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2013/01/01 17:11:02 | 000,274,944 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013/01/01 17:11:02 | 000,223,232 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/01/01 17:11:02 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
IE:64bit: - HKLM\..\SearchScopes\{207A80BF-3A4A-4226-B000-87445381F153}: "URL" = {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{207A80BF-3A4A-4226-B000-87445381F153}: "URL" = {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\..\SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
IE - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\..\SearchScopes\${searchCLSID}: "URL" = {searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\..\SearchScopes\{207A80BF-3A4A-4226-B000-87445381F153}: "URL" = {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_frTN490
IE - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrateur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrateur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/08 17:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Users\Administrateur\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/28 18:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | ---D | M]

[2013/01/03 18:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/12 09:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll

========== Chrome ==========

CHR - default_search_provider: google (Enabled)
CHR - default_search_provider: search_url = {searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PluginRichmediaplayer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrateur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Administrateur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Documents Google = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Documents Google = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Recherche Google = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Download Video = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.3.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: Gmail = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Rich Media Downloader) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Administrateur\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Rich Media Player) - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Administrateur\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3799678134-1094475672-2913924675-500..\Run: [Facebook Update] C:\Users\Administrateur\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3799678134-1094475672-2913924675-500..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Administrateur\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AA4AC40-DE5B-46A7-88FD-F8AF6C06778D}: DhcpNameServer = 192.1.1.13 192.1.1.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{424CAE7A-7FF0-4B70-AB48-BCB9F861625E}: NameServer = 196.203.80.4 196.203.82.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD145E9-81AC-4AB6-87AF-8A3CBD8285B1}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AFC0B4A-8564-41F5-901F-9DD8D667FAAC}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94886D77-FC1C-4772-AA76-EA2FE0E2A52D}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9508140-3B1F-4982-9E10-5A25E921B693}: NameServer = 196.203.80.4 196.203.82.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/08/26 22:34:51 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
#10825
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc - C:\windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/09 14:31:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
[2013/09/01 16:27:04 | 000,000,000 | ---D | C] -- C:\Sounds
[2013/09/01 12:54:25 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Malwarebytes
[2013/09/01 12:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/01 12:54:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/01 12:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/01 12:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/01 12:54:11 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Programs
[2013/09/01 07:40:26 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/09/01 07:31:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/31 04:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2013/08/31 04:21:33 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/08/29 22:02:10 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\Radiocom
[2013/08/29 22:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\RichMedia
[2013/08/29 22:02:05 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Radiocom
[2013/08/28 19:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/08/28 19:50:59 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\klfphc.dll
[2013/08/28 19:50:00 | 000,000,000 | ---D | C] -- C:\windows\ELAMBKUP
[2013/08/28 19:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/08/28 19:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/08/28 19:49:21 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys
[2013/08/28 19:49:21 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys
[2013/08/28 18:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player
[2013/08/28 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Local\Rich Media Player
[2013/08/28 03:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/08/28 03:45:14 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\capicom.dll
[2013/08/28 02:32:01 | 000,000,000 | ---D | C] -- C:\Users\Administrateur\AppData\Roaming\QuickScan
[2013/08/28 02:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/08/28 02:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/08/27 01:23:34 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft
[2013/08/26 22:34:51 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2013/08/25 20:07:42 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/08/14 16:46:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/14 16:46:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/14 16:46:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/14 16:46:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 16:46:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 16:46:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/14 16:46:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/14 16:46:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/14 16:46:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/14 16:46:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/14 16:46:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/14 16:46:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/14 16:46:24 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/14 16:46:23 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/14 16:46:23 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/13 21:29:09 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/13 21:29:08 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/13 21:29:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/13 21:27:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/13 21:27:40 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/13 21:27:39 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/13 21:27:34 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/08/13 21:27:32 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/08/13 21:27:31 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/08/13 21:27:31 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/08/13 21:27:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/08/13 21:27:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/08/13 21:27:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/08/13 21:27:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/08/13 21:27:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/08/13 21:27:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/10 23:59:56 | 001,566,088 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/10 23:59:56 | 000,712,096 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat
[2013/09/10 23:59:56 | 000,622,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/10 23:59:56 | 000,133,806 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat
[2013/09/10 23:59:56 | 000,109,310 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/10 23:52:00 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/10 23:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/10 22:59:02 | 000,000,964 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job
[2013/09/10 22:46:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
[2013/09/10 21:58:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/10 19:59:01 | 000,000,942 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
[2013/09/10 19:46:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
[2013/09/09 14:31:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrateur\Desktop\OTL.exe
[2013/09/09 14:11:32 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/09 01:50:14 | 000,038,784 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 01:50:14 | 000,038,784 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 01:42:11 | 623,069,829 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 17:55:08 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/08/30 04:22:17 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kneps.sys
[2013/08/30 04:22:17 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kltdi.sys
[2013/08/30 04:22:17 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klmouflt.sys
[2013/08/30 04:22:16 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys
[2013/08/30 04:22:16 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\windows\SysNative\drivers\klkbdflt.sys
[2013/08/30 04:22:15 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys
[2013/08/28 18:42:38 | 000,230,495 | ---- | M] () -- C:\ProgramData\1377711683.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | ---- | M] () -- C:\ProgramData\1377657701.bdinstall.bin
[2013/08/28 03:46:20 | 000,000,385 | ---- | M] () -- C:\windows\SysNative\user_gensett.xml
[2013/08/28 03:45:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/08/28 03:40:23 | 000,370,476 | ---- | M] () -- C:\ProgramData\1377653102.bdinstall.bin
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/31 04:31:50 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/08/28 18:42:38 | 000,230,495 | ---- | C] () -- C:\ProgramData\1377711683.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | ---- | C] () -- C:\ProgramData\1377657701.bdinstall.bin
[2013/08/28 03:46:20 | 000,000,385 | ---- | C] () -- C:\windows\SysNative\user_gensett.xml
[2013/08/28 03:45:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/08/28 03:40:23 | 000,370,476 | ---- | C] () -- C:\ProgramData\1377653102.bdinstall.bin
[2013/07/27 10:22:55 | 000,000,708 | ---- | C] () -- C:\Users\Administrateur\Bibliothèques - Raccourci.lnk
[2013/03/20 16:29:00 | 001,590,564 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/03/12 18:52:42 | 000,000,382 | ---- | C] () -- C:\windows\ODBC.INI
[2013/01/06 22:55:35 | 000,000,293 | ---- | C] () -- C:\windows\game.ini
[2012/11/30 18:23:17 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2012/04/07 17:14:14 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/04/07 17:12:39 | 000,028,528 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2012/04/07 17:09:55 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/04/07 17:03:23 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/04/07 17:00:51 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/04/07 17:00:51 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/04/07 17:00:51 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/01/20 12:49:58 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012/01/20 12:49:48 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/10 21:58:36 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\InternetEverywhere
[2013/05/17 12:52:12 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\Notepad++
[2013/05/19 20:13:30 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\PowerISO
[2013/08/28 02:32:01 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\QuickScan
[2013/08/29 22:02:10 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\Radiocom
[2013/07/24 07:37:14 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\Theta
[2013/06/03 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\Toshiba
[2013/07/04 04:51:53 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\Unity
[2013/07/20 12:30:21 | 000,000,000 | ---D | M] -- C:\Users\Administrateur\AppData\Roaming\WildTangent
[2013/01/01 15:25:14 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\InternetEverywhere
[2012/12/15 17:40:50 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Toshiba

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: AFD.SYS >
[2011/12/28 04:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\windows\SysNative\drivers\afd.sys
[2011/12/28 04:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 05:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/21 04:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: I8042PRT.SYS >
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\drivers\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys

< MD5 for: LSASS.EXE >
[2009/07/14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2012/06/04 08:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\windows\SysNative\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe

< MD5 for: NETBT.SYS >
[2010/11/21 04:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\windows\SysNative\drivers\netbt.sys
[2010/11/21 04:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 09:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011/03/01 09:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/03/01 09:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 09:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 18:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011/09/29 18:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013/05/08 07:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010/11/21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/08/22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011/04/25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013/05/08 07:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012/03/30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011/04/25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2011/03/19 08:45:16 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\windows\SysNative\drivers\tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011/03/19 08:39:54 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
[2012/08/22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/21 04:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/21 04:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2011/02/25 07:28:30 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\windows\SysNative\drivers\volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_e7c4cd5b40e03494\volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %APPDATA%\*.exe /s >
[2013/07/20 12:30:29 | 001,012,600 | ---- | M] (WildTangent) -- C:\Users\Administrateur\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-toshiba.exe
[2013/07/20 12:30:03 | 001,012,592 | ---- | M] (WildTangent) -- C:\Users\Administrateur\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2013/07/20 12:29:51 | 000,000,179 | ---- | M] () -- C:\Users\Administrateur\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2013/07/20 12:30:23 | 000,000,177 | ---- | M] () -- C:\Users\Administrateur\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-toshiba.exe_filedata

< %APPDATA%\Adobe\Update\*.* >

< %APPDATA%\Update\*.* >

< %APPDATA%\Microsoft\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %ALLUSERSPROFILE%\*.* >
[2013/08/28 03:40:23 | 000,370,476 | ---- | M] () -- C:\ProgramData\1377653102.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | ---- | M] () -- C:\ProgramData\1377657701.bdinstall.bin
[2013/08/28 18:42:38 | 000,230,495 | ---- | M] () -- C:\ProgramData\1377711683.bdinstall.bin
[2013/08/28 02:22:25 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2013/08/28 02:22:37 | 000,005,120 | -HS- | M] () -- C:\ProgramData\ntuser.dat.LOG1
[2013/08/28 02:22:25 | 000,000,000 | -HS- | M] () -- C:\ProgramData\ntuser.dat.LOG2
[2013/08/28 02:22:26 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
[2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms
[2013/08/28 02:22:36 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
[2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms

< %SYSTEMDRIVE%\*.* >
[2013/08/28 18:41:46 | 000,002,691 | ---- | M] () -- C:\bdlog.txt
[2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/03/15 20:26:49 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/09 01:42:11 | 2105,335,807 | -HS- | M] () -- C:\pagefile.sys
[2013/09/02 17:55:08 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/08/26 22:33:21 | 000,012,060 | ---- | M] () -- C:\UsbFix [Clean 3] USER-TOSH.txt
[2013/08/26 22:35:03 | 000,002,944 | ---- | M] () -- C:\UsbFix [Listing 1 ] USER-TOSH.txt
[2013/09/05 00:42:38 | 000,004,534 | ---- | M] () -- C:\UsbFix [Listing 2 ] USER-TOSH.txt
[2013/08/25 23:35:12 | 000,010,964 | ---- | M] () -- C:\UsbFix [Scan 1] USER-TOSH.txt
[2013/08/26 22:21:47 | 000,010,191 | ---- | M] () -- C:\UsbFix [Scan 2] USER-TOSH.txt
[2013/08/28 01:36:31 | 000,010,853 | ---- | M] () -- C:\UsbFix [Scan 5] USER-TOSH.txt
[2013/08/30 02:24:24 | 000,009,829 | ---- | M] () -- C:\UsbFix [Scan 6] USER-TOSH.txt

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %PROGRAMFILES%\Internet Explorer\*.* >
[2012/11/07 09:27:01 | 000,002,446 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\debug.log
[2013/06/23 03:11:56 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2013/06/23 03:11:56 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc
[2013/06/23 03:11:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2013/06/23 03:11:56 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2013/06/23 03:11:56 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2013/07/26 04:11:59 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2013/07/26 04:12:00 | 000,236,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2013/07/26 04:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/06/23 03:11:56 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2013/07/26 04:12:04 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2013/06/23 03:11:56 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2013/06/23 03:11:56 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2013/06/23 03:11:56 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2013/06/23 03:11:56 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
[2013/06/23 03:11:56 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2013/06/23 03:11:56 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll
[2013/07/26 04:13:06 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
#10826
< %USERPROFILE%\*.* >
[2013/07/27 10:22:55 | 000,000,708 | ---- | M] () -- C:\Users\Administrateur\Bibliothèques - Raccourci.lnk
[2013/09/11 00:08:45 | 003,670,016 | -HS- | M] () -- C:\Users\Administrateur\NTUSER.DAT
[2013/09/11 00:08:45 | 000,262,144 | -HS- | M] () -- C:\Users\Administrateur\ntuser.dat.LOG1
[2013/05/15 21:41:56 | 000,000,000 | -HS- | M] () -- C:\Users\Administrateur\ntuser.dat.LOG2
[2013/05/15 21:59:41 | 000,065,536 | -HS- | M] () -- C:\Users\Administrateur\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\Administrateur\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () -- C:\Users\Administrateur\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/05/15 21:41:56 | 000,000,020 | -HS- | M] () -- C:\Users\Administrateur\ntuser.ini

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< %systemroot%\system32\DBBK\*.* /s >

< %systemroot%\system32\config\systemprofile\*.* >
[2013/08/27 01:23:47 | 000,262,144 | ---- | M] () -- C:\windows\system32\config\systemprofile\NtUser.dat
[2013/08/27 01:23:47 | 000,005,120 | -HS- | M] () -- C:\windows\system32\config\systemprofile\NtUser.dat.LOG1
[2013/08/27 01:23:47 | 000,000,000 | -HS- | M] () -- C:\windows\system32\config\systemprofile\NtUser.dat.LOG2
[2013/08/27 01:23:47 | 000,065,536 | -HS- | M] () -- C:\windows\system32\config\systemprofile\NtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TM.blf
[2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () -- C:\windows\system32\config\systemprofile\NtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () -- C:\windows\system32\config\systemprofile\NtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms

< %systemroot%\*. /mp /s >

< %systemroot%\*.exe /90 >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.dll /90 >
[2013/06/23 03:02:47 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/23 03:02:47 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/23 03:02:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/23 03:02:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/23 03:02:47 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/09 05:46:31 | 001,166,848 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\crypt32.dll
[2013/07/09 05:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\cryptnet.dll
[2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\cryptsvc.dll
[2013/06/23 03:02:47 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d2d1.dll
[2013/06/23 03:02:47 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d3d10.dll
[2013/06/23 03:02:47 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d3d10core.dll
[2013/06/23 03:02:47 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d3d10level9.dll
[2013/06/23 03:02:47 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d3d10warp.dll
[2013/06/23 03:02:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d3d10_1.dll
[2013/06/23 03:02:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\d3d10_1core.dll
[2013/06/23 03:02:47 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\dxgi.dll
[2013/06/23 03:11:56 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\dxtmsft.dll
[2013/06/23 03:11:56 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\dxtrans.dll
[2013/06/23 03:11:56 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\elshyph.dll
[2013/06/23 03:11:56 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\icardie.dll
[2013/06/23 03:11:56 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\IEAdvpack.dll
[2013/06/23 03:11:56 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ieapfltr.dll
[2013/06/23 03:11:56 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iedkcs32.dll
[2013/07/26 04:11:59 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ieframe.dll
[2013/06/23 03:11:56 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iepeers.dll
[2013/07/26 04:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iernonce.dll
[2013/07/26 04:12:00 | 002,048,512 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iertutil.dll
[2013/07/26 04:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iesetup.dll
[2013/07/26 04:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iesysprep.dll
[2013/07/26 04:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ieui.dll
[2013/06/23 03:11:56 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\imgutil.dll
[2013/06/23 03:11:56 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\inseng.dll
[2013/07/26 04:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\jscript.dll
[2013/07/26 04:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\jscript9.dll
[2013/07/26 04:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\jsproxy.dll
[2013/06/23 03:11:56 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\licmgr10.dll
[2013/07/26 04:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\msfeeds.dll
[2013/06/23 03:11:56 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\msfeedsbs.dll
[2013/07/26 04:12:23 | 014,329,344 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\mshtml.dll
[2013/06/23 03:11:56 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\mshtmled.dll
[2013/06/23 03:11:56 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\mshtmler.dll
[2013/06/23 03:11:56 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\mshtmlmedia.dll
[2013/06/23 03:11:56 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\msls31.dll
[2013/06/23 03:02:47 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\msmpeg2vdec.dll
[2013/06/23 03:11:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\msrating.dll
[2013/07/09 05:53:47 | 001,292,192 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ntdll.dll
[2013/07/09 03:49:39 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ntvdm64.dll
[2013/06/23 03:11:56 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\occache.dll
[2013/06/23 03:11:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\pngfilt.dll
[2013/07/09 05:52:33 | 000,663,552 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\rpcrt4.dll
[2013/07/19 02:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\tzres.dll
[2013/06/23 03:02:46 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\UIAnimation.dll
[2013/06/23 03:11:56 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\url.dll
[2013/07/26 04:13:14 | 001,141,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\urlmon.dll
[2013/06/23 03:11:56 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\vbscript.dll
[2013/06/23 03:11:56 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\webcheck.dll
[2013/06/23 03:02:47 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\WindowsCodecsExt.dll
[2013/07/26 04:13:24 | 001,767,936 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wininet.dll
[2013/07/09 05:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wintrust.dll
[2013/06/23 03:02:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\WMPhoto.dll
[2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\WMVDECOD.DLL
[2013/07/09 05:52:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wow32.dll
[2013/06/23 03:02:47 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\XpsGdiConverter.dll
[2013/06/23 03:02:47 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\XpsPrint.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\*.exe /90 >
[2013/06/13 01:17:56 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\system32\FlashPlayerApp.exe
[2013/06/23 03:11:56 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ieUnatt.exe
[2013/06/23 03:11:56 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\iexpress.exe
[2013/07/09 03:49:41 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\instnm.exe
[2013/06/23 03:11:56 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\msfeedssync.exe
[2013/06/23 03:11:56 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\mshta.exe
[2013/07/09 06:03:34 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ntkrnlpa.exe
[2013/07/09 06:03:34 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\ntoskrnl.exe
[2013/07/26 02:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\RegisterIEPKEYs.exe
[2013/06/23 03:11:56 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\SetIEInstalledDate.exe
[2013/07/09 03:49:42 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\setup16.exe
[2013/07/09 03:49:38 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\user.exe
[2013/06/23 03:11:56 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\wextract.exe

< %systemroot%\system32\config\*.sav >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2010/11/21 04:25:07 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2010/11/21 04:24:01 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2009/07/14 02:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe
[2009/07/13 22:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config
[2010/11/21 04:24:26 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010/11/21 04:25:07 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2009/07/14 02:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009/07/14 02:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2012/12/14 09:10:13 | 000,117,160 | ---- | M] () MD5=569124F95660007F8C470D00A96CBD7D -- C:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
[2010/11/21 04:25:11 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2012/11/10 08:29:16 | 000,367,400 | ---- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 -- C:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009/07/14 02:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2009/06/10 22:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009/06/10 22:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2012/11/10 08:29:07 | 001,662,976 | ---- | M] () MD5=2148068617A9D2B5E08520CAD7014E64 -- C:\windows\assembly\GAC_32\mscorcfg\2.0.0.0__b03f5f7f11d50a3a\mscorcfg.dll
[2009/06/10 22:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009/06/10 22:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009/06/10 22:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2013/04/23 23:57:26 | 004,554,752 | ---- | M] () MD5=F90B255442B7DF136ABE99D15036ACAB -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009/06/10 22:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009/06/10 22:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2009/06/10 22:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2009/06/10 22:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2009/06/10 22:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2009/06/10 22:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2009/06/10 22:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2009/06/10 22:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2009/06/10 22:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2009/06/10 22:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2010/11/21 04:24:32 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2010/11/21 04:23:48 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2009/07/13 23:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
[2009/07/14 02:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
[2009/06/10 22:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 22:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 23:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
[2009/07/14 02:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
[2009/07/13 23:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
[2009/07/14 02:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
[2013/04/15 23:56:15 | 004,218,880 | ---- | M] () MD5=8DFB5078508924FA725C203CE179B10C -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2009/06/10 22:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2013/04/19 23:55:09 | 001,737,376 | ---- | M] () MD5=E0E5BB58A4C43F7DBB83352785F32DEF -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2010/11/21 04:24:15 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2010/11/21 04:24:08 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2010/11/21 04:24:07 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2010/11/21 04:24:07 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2013/04/15 23:56:16 | 000,372,736 | ---- | M] () MD5=962108F1B42E442AF55588CC14F4794F -- C:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2009/06/10 22:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2013/04/19 23:55:06 | 005,283,840 | ---- | M] () MD5=2D9D6335997928AE65B3DE25609CD9F0 -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >
[2010/11/21 04:24:42 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
[2010/11/21 04:23:56 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2010/11/21 04:24:22 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2010/11/21 04:24:42 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
[2010/11/21 04:24:42 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
[2010/11/21 04:24:42 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll
[2009/07/14 02:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2009/07/14 02:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2011/08/17 06:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
[2010/11/21 04:24:42 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll
[2010/11/21 04:24:42 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll
[2010/11/21 04:24:42 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
[2010/11/21 04:24:42 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll
[2010/11/21 04:24:53 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2012/11/10 08:29:15 | 000,454,440 | ---- | M] () MD5=78D01EA9CE232F25ACE9024E12950853 -- C:\windows\assembly\GAC_64\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009/07/14 02:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
[2010/11/21 04:24:49 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
[2010/11/21 04:24:59 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
[2009/06/10 21:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
[2009/06/10 21:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2009/06/10 21:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2009/06/10 21:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2013/04/23 23:56:10 | 004,567,040 | ---- | M] () MD5=32B844F1DAA7912FBBB119047303E73F -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2009/06/10 21:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2009/06/10 21:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2009/06/10 21:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2009/06/10 21:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2009/06/10 21:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2009/06/10 21:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2009/06/10 21:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2009/06/10 21:40:02 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2009/06/10 21:40:02 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2009/06/10 21:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2010/11/21 04:24:16 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2010/11/21 04:24:24 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2009/06/10 21:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 21:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 22:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config
[2009/07/14 02:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll
[2013/04/15 23:55:18 | 003,998,208 | ---- | M] () MD5=AE098D9D3BD83440C59A0C3386F4F5DD -- C:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2009/06/10 21:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2013/04/19 23:54:21 | 002,256,032 | ---- | M] () MD5=6E656C325A5519A3A9D951709958CF6F -- C:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2010/11/21 04:24:09 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2010/11/21 04:24:02 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2010/11/21 04:24:01 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2010/11/21 04:24:01 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2013/04/15 23:55:19 | 000,358,912 | ---- | M] () MD5=D5B9510CA085D4E04BEBD2C47CD50925 -- C:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2009/06/10 21:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2013/04/19 23:54:20 | 005,292,032 | ---- | M] () MD5=EB0E4FD11A19D25ED65ACE37277BFC7B -- C:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >
[2013/05/27 15:14:34 | 000,000,000 | -H-- | M] () -- C:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-1E-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
[2013/09/01 08:53:59 | 000,118,378 | ---- | M] () -- C:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log

< %windir%\temp*.* >
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

< "%WinDir%\$NtUninstallKB*$." /30 >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 7D 0B 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC D6 29 E0 A3 68 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 C5 1C 0C 96 00 00 00 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 5E F5 79 FD 3C 55 39 82 3A E3 F3 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 20 07 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC D6 29 E0 A3 68 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 C5 1C 0C 96 00 00 00 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 5E F5 79 FD 3C 55 39 82 3A E3 F3 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
"Connexion r�seau" = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< C:\Program Files\Common Files\ComObjects\*.* / >
Invalid Switch:

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< >
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,496 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/03/14 21:17:22 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/03/14 21:22:55 | 000,001,078 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 21:22:57 | 000,001,082 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 19:41:37 | 000,000,902 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
[2012/11/30 19:41:38 | 000,000,924 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
[2013/06/09 19:54:14 | 000,000,942 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
[2013/06/09 19:54:15 | 000,000,964 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job

< End of report >
#10827
:hello: Bonsoir

*** Une infection doit être réglée le plus rapidement possible, pour éviter sa propagation dans le PC ***

C'est une plaisanterie =>
par kazanastra » 04 Sep 2013 04:48

Pour info, nous sommes le 09/10/2013 !

Edité =>
De plus le script de correction, n'a pas été appliqué :faché15:
SoSVirus n'est pas un Super-Marché !
#10829
salut , désolé j avais pas de connexion sur mon pc d'apres ce temps la , mon clé orange a été endommagé ,.. bref ;
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0\ not found.
File C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () => WildTangent Games not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) => Toolbar.Google not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-19\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Program Files\Bitdefender\ not found.
Folder C:\Program Files\Common Files\Bitdefender\ not found.
File C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
File C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
File C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
File C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
File C:\windows\system32\config\systemprofile\NtUser.dat.LOG1 => Fichiers de rapport (Log) not found.
File C:\windows\system32\config\systemprofile\NtUser.dat.LOG2 => Fichiers de rapport (Log) not found.
C:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log moved successfully.
File C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
File C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
File C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
File C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 6884286 bytes
->Temporary Internet Files folder emptied: 1266770 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 619168556 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: USER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8657771 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2382041669 bytes

Total Files Cleaned = 2Â 878,00 mb


[EMPTYFLASH]

User: Administrateur
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Invité

User: Public

User: USER

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[resethost]> in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10092013_234205

Files\Folders moved on Reboot...
C:\Users\Administrateur\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\vmware-Système\vmauthd.log scheduled to be moved on reboot.
C:\windows\temp\vmware-Système\vmware-usbarb-3280.log moved successfully.
File move failed. C:\windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
#10856
:hello: Salut

Tu as tjrs des coupures et écrans bleu avec cette machine ?
Merci de ta réponse

Téléchargez UsbFix et enregistrez-le sur votre bureau
Lien page de téléchargement:

Une fois téléchargé sur votre bureau, double-cliquez sur son icone
Image

Puis cliquez sur Exécuter pour lancer l'installation qui se fera automatiquement
Image

Recherche des infections
Clique sur le bouton " Recherche "

Image

Laisse travailler l'outil
à€ la fin du scan, un rapport va s'afficher, poste-le dans ta prochaine réponse sur le forum
Le rapport est aussi sauvegardé à la racine du disque système => C:\UsbFix [Scan X].txt
Tutoriel en images => https://www.sosvirus.net/viewtopic.php?f=204&t=3


Suppression des infections
/!\Si blocage, désactiver temporairement l'antivirus
ou
Redémarre en mode sans échec avec prise en charge du réseau

Clique sur le bouton " Suppression "
Image

Veuillez faire un copié/collé de ce rapport sur le forum o๠vous demandez de l'aide
Rappel => Ctrl A pour sélectionner tout, Ctrl C pour copier puis Ctrl V pour coller le rapport sur le forum
Le rapport est aussi sauvegardé à la racine du disque système => C:\UsbFix [Clean X].txt

:(
Modifié en dernier par El Desaparecido le jeu. 10 oct. 2013 10:27, modifié 1 fois.Raison : Mauvais lien de téléchargement usbfix
#10882
merci :) , non l' écran bleu je pense qu il n'apparais plus voila les deux rapports :
############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 12:57:26 | 10/10/2013

Site Web:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: Type2 - Board Vendor Name1 (Type2 - Board Product Name1)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6104 | Free : 4421]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) - 66%) [] # NTFS
D:\ -> CD-ROM

################## | Processus Actif |

C:\windows\system32\csrss.exe (ID 808 |ParentID 688)
C:\windows\system32\wininit.exe (ID 900 |ParentID 688)
C:\windows\system32\csrss.exe (ID 932 |ParentID 908)
C:\windows\system32\services.exe (ID 972 |ParentID 900)
C:\windows\system32\lsass.exe (ID 1008 |ParentID 900)
C:\windows\system32\lsm.exe (ID 1016 |ParentID 900)
C:\windows\system32\svchost.exe (ID 692 |ParentID 972)
C:\windows\system32\svchost.exe (ID 1072 |ParentID 972)
C:\windows\system32\atiesrxx.exe (ID 1136 |ParentID 972)
C:\windows\system32\winlogon.exe (ID 1176 |ParentID 908)
C:\windows\System32\svchost.exe (ID 1216 |ParentID 972)
C:\windows\System32\svchost.exe (ID 1260 |ParentID 972)
C:\windows\system32\svchost.exe (ID 1292 |ParentID 972)
C:\windows\system32\svchost.exe (ID 1324 |ParentID 972)
C:\windows\system32\svchost.exe (ID 1620 |ParentID 972)
C:\windows\system32\atieclxx.exe (ID 1668 |ParentID 1136)
C:\windows\system32\svchost.exe (ID 2012 |ParentID 972)
C:\Windows\System32\GFNEXSrv.exe (ID 2040 |ParentID 972)
C:\windows\System32\spoolsv.exe (ID 1652 |ParentID 972)
C:\windows\system32\taskeng.exe (ID 804 |ParentID 1324)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID 2172 |ParentID 972)
C:\windows\system32\hasplms.exe (ID 2312 |ParentID 972)
C:\ProgramData\DatacardService\HWDeviceService64.exe (ID 2364 |ParentID 972)
C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe (ID 2460 |ParentID 972)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (ID 2480 |ParentID 972)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (ID 2556 |ParentID 972)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (ID 2600 |ParentID 972)
C:\windows\system32\svchost.exe (ID 2776 |ParentID 972)
C:\windows\system32\taskhost.exe (ID 2856 |ParentID 972)
C:\windows\system32\Dwm.exe (ID 2936 |ParentID 1260)
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (ID 2944 |ParentID 972)
C:\windows\Explorer.EXE (ID 2124 |ParentID 2916)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ID 1516 |ParentID 2556)
C:\ProgramData\DatacardService\DCSHelper.exe (ID 2160 |ParentID 2364)
C:\windows\system32\TODDSrv.exe (ID 1776 |ParentID 972)
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (ID 1592 |ParentID 972)
C:\windows\SysWOW64\vmnat.exe (ID 2684 |ParentID 972)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3112 |ParentID 972)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 3184 |ParentID 3112)
C:\Program Files\TOSHIBA\TECO\TecoService.exe (ID 3208 |ParentID 972)
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (ID 3328 |ParentID 972)
C:\windows\SysWOW64\vmnetdhcp.exe (ID 3384 |ParentID 972)
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (ID 3404 |ParentID 972)
C:\windows\system32\wbem\wmiprvse.exe (ID 3484 |ParentID 692)
C:\windows\system32\wbem\unsecapp.exe (ID 3524 |ParentID 692)
C:\windows\system32\svchost.exe (ID 3936 |ParentID 972)
C:\windows\servicing\TrustedInstaller.exe (ID 4004 |ParentID 972)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID 3304 |ParentID 2124)
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (ID 3772 |ParentID 2124)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID 2188 |ParentID 2124)
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (ID 2148 |ParentID 2124)
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (ID 4108 |ParentID 2124)
C:\Program Files\TOSHIBA\TECO\Teco.exe (ID 4148 |ParentID 2124)
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (ID 4288 |ParentID 2124)
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (ID 4344 |ParentID 2124)
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (ID 4452 |ParentID 2124)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (ID 4472 |ParentID 2124)
C:\Users\Administrateur\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 4528 |ParentID 2124)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (ID 4572 |ParentID 2124)
C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe (ID 4664 |ParentID 2124)
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (ID 4724 |ParentID 2124)
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (ID 4820 |ParentID 4780)
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (ID 4832 |ParentID 4780)
C:\windows\system32\wbem\wmiprvse.exe (ID 4972 |ParentID 692)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 5096 |ParentID 4544)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ID 2164 |ParentID 4064)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (ID 4828 |ParentID 972)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID 5020 |ParentID 4180)
C:\windows\system32\SearchIndexer.exe (ID 4440 |ParentID 972)
C:\windows\system32\svchost.exe (ID 4356 |ParentID 972)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe (ID 5484 |ParentID 4572)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe (ID 5516 |ParentID 692)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe (ID 5604 |ParentID 4572)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (ID 5632 |ParentID 4572)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (ID 5676 |ParentID 4572)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (ID 5724 |ParentID 4572)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ID 5864 |ParentID 2164)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (ID 5908 |ParentID 4572)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (ID 4896 |ParentID 4572)
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe (ID 5396 |ParentID 4896)
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID 7124 |ParentID 972)
C:\UsbFix\Go.exe (ID 6336 |ParentID 2920)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 6808 |ParentID 972)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID 2808 |ParentID 972)
C:\windows\system32\sppsvc.exe (ID 6184 |ParentID 972)
C:\windows\System32\svchost.exe (ID 1552 |ParentID 972)
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (ID 6768 |ParentID 972)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (ID 5012 |ParentID 972)
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (ID 6888 |ParentID 4228)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 7372 |ParentID 972)
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (ID 7748 |ParentID 4192)
C:\windows\system32\svchost.exe (ID 8120 |ParentID 972)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE | Run : [Facebook Update] - "C:\Users\Administrateur\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-18\SOFTWARE | RunOnce : [osk.exe] - osk.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [Application Restart #0] - C:\Windows\System32\osk.exe

################## | à‰léments infectieux |


################## | Registre |

Présent! HKU\S-1-5-21-3799678134-1094475672-2913924675-500\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | - https://www.sosvirus.net |



############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
Lancé à 15:40:31 | 10/10/2013

Site Web:
Forum : https://www.sosvirus.net/
Upload Malware: https://www.sosvirus.net/upload_malware.php
Contact:

PC: Type2 - Board Vendor Name1 (Type2 - Board Product Name1)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6104 | Free : 4933]
Bios: Insyde Corp.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) - 66%) [] # NTFS
D:\ -> CD-ROM

################## | Regedit Run |

HKLM\SOFTWARE | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NBAgent] - "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3799678134-1094475672-2913924675-500\SOFTWARE | Run : [Facebook Update] - "C:\Users\Administrateur\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-18\SOFTWARE | Run : [TOPI.EXE] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
HKU\S-1-5-18\SOFTWARE | RunOnce : [osk.exe] - osk.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [Application Restart #0] - C:\Windows\System32\osk.exe

################## | Processus Stoppés |

Stoppé! C:\windows\system32\ctfmon.exe (ID 1552 |ParentID 1508)
Stoppé! C:\windows\system32\DllHost.exe (ID 1796 |ParentID 812)

################## | à‰léments infectieux |


(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKU\S-1-5-21-3799678134-1094475672-2913924675-500\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Listing |

[19/05/2013 - 00:36:11 | SHD ] C:\$Recycle.Bin
[01/09/2013 - 07:32:28 | D ] C:\AdwCleaner
[26/08/2013 - 22:34:51 | RASHD ] C:\Autorun.inf
[28/08/2013 - 18:41:46 | N | 2691] C:\bdlog.txt
[15/03/2012 - 20:26:46 | SHD ] C:\Boot
[21/11/2010 - 04:23:51 | RASH | 383786] C:\bootmgr
[15/03/2012 - 20:26:49 | N | 8192] C:\BOOTSECT.BAK
[11/01/2013 - 14:17:16 | D ] C:\c60592a295c769f4d1820b14e0f0d2
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[19/05/2013 - 15:04:24 | D ] C:\EasyPHP
[10/10/2013 - 15:39:51 | ASH | 4800225280] C:\hiberfil.sys
[10/11/2012 - 08:25:46 | D ] C:\IDE
[07/04/2012 - 16:58:15 | D ] C:\Intel
[10/11/2012 - 08:24:40 | RHD ] C:\MSOCache
[10/10/2013 - 15:39:51 | ASH | 6400303104] C:\pagefile.sys
[02/09/2013 - 17:55:08 | N | 512] C:\PhysicalDisk0_MBR.bin
[19/09/2013 - 00:45:40 | D ] C:\Program Files
[13/09/2013 - 23:56:10 | D ] C:\Program Files (x86)
[01/09/2013 - 12:54:22 | HD ] C:\ProgramData
[01/09/2013 - 16:27:10 | D ] C:\Sounds
[09/10/2013 - 23:43:26 | SHD ] C:\System Volume Information
[16/05/2013 - 09:44:46 | D ] C:\temp
[28/06/2012 - 11:12:04 | D ] C:\Toshiba
[10/10/2013 - 15:43:48 | D ] C:\UsbFix
[26/08/2013 - 22:33:21 | N | 12060] C:\UsbFix [Clean 3] USER-TOSH.txt
[10/10/2013 - 12:16:21 | N | 11104] C:\UsbFix [Clean 6] USER-TOSH.txt
[10/10/2013 - 13:06:13 | N | 9957] C:\UsbFix [Clean 7] USER-TOSH.txt
[10/10/2013 - 15:44:52 | A | 5892] C:\UsbFix [Clean 8] USER-TOSH.txt
[26/08/2013 - 22:35:03 | N | 2944] C:\UsbFix [Listing 1 ] USER-TOSH.txt
[05/09/2013 - 00:42:38 | N | 4534] C:\UsbFix [Listing 2 ] USER-TOSH.txt
[25/08/2013 - 23:35:12 | N | 10964] C:\UsbFix [Scan 1] USER-TOSH.txt
[26/08/2013 - 22:21:47 | N | 10191] C:\UsbFix [Scan 2] USER-TOSH.txt
[28/08/2013 - 01:36:31 | N | 10853] C:\UsbFix [Scan 5] USER-TOSH.txt
[30/08/2013 - 02:24:24 | N | 9829] C:\UsbFix [Scan 6] USER-TOSH.txt
[10/10/2013 - 12:15:02 | N | 12783] C:\UsbFix [Scan 7] USER-TOSH.txt
[10/10/2013 - 13:05:15 | N | 11427] C:\UsbFix [Scan 8] USER-TOSH.txt
[19/05/2013 - 00:37:41 | D ] C:\Users
[05/10/2013 - 20:57:29 | D ] C:\Windows
[03/09/2013 - 00:51:52 | D ] C:\ZHP
[19/09/2013 - 00:45:37 | D ] C:\_OTL

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | - https://www.sosvirus.net |
#10887
:hello: Re

Source =>
J'ai placé mon flash disque sur un autre PC. Depuis, quand j'enregistre des fichiers sur disque amovible quelqu'un se transforme en d'autre fichiers nommé par des symboles et de date de création bizarres
Mise à part ton disque dur, je ne vois aucun support externe USB (flash) branché sur ta machine, pendant le passage de l'outil USBFix !
Pourquoi, puisque c'est l'objet de ta demande d'aide ici ?

Merci de me répondre

:(
#11135
:hello: Bonsoir
a propos d'ecrant bleu il apparaît encore
Note le code qu'il envoie, et publie le à la suite

Contrôle du disque dur =>

Vérifier avec fsutil

La commande fsutil permet très simplement de vérifier l'intégrité d'un disque, ce qui permet de savoir si nous devons utiliser la commande CHKDSK afin de corriger le problème


Sous XP => Démarrer // Tous les programmes // Accéssoires ---> "Invite de commandes", clic droit et "Exécuter en tant qu'administrateur"
Sous Vista/Win7 => Dans le menu Windows // Tous les programmes// Accessoires => clic droit sur "Invite de commandes" et "Exécuter en tant qu'administrateur"
Sous Win8 => Barre de charme // Rechercher => Taper Invite de commandes» l'épingler par un clic droit. En bas à gauche "Exécuter en tant qu'administrateur"

Dans la fenêtre noire qui va s'ouvrir et derrière le curseur clignotant que vous verrez et qui suit la ligne c:\windows\system32>


Image

Tapez en respectant les espaces ou par un copier/coller fsutil dirty query C: et appuyez sur la touche Entrée de votre clavier
Vous demandez à Windows de vérifier l'intégrité de votre partition C:\ ou se trouve le système d'exploitation. Une analyse va s'exécuter, patientez pendant l'opération
A l'issue de l'analyse le résultat vous sera indiqué dans la fenêtre noire, communiquez moi le

;)

Salut, :D Je l'ai installé sur mon PC, j[…]

Suspicion de virus crypto

Ok bonne route :)

Problème avec Adsfix

bonsoir ok , à te lire prochainement :)

suspicion de contamination

ok très bien, merci