Dépannage Informatique Aider moi a trouver une solution pour désinfecter mon flash

Dépannage Informatique : Aider moi a trouver une solution pour désinfecter mon flash

Auteur
Messages
kazanastra
4 septembre 2013 à 2 h 48 min
Nombre d'articles : 0
#161180 |
Bonsoir,
J’ai placé mon flash disque sur un autre PC. Depuis, quand j’enregistre des fichiers sur disque amovible quelqu’un se transforme en d’autre fichiers nommé par des symboles et de date de création bizarres (exp:01/09/ 2051) . Je ne sait pas si c’est un virus car les antivirus ne le détectent pas (ni avast ni kasperski ni bitdefendre). Je croit même qu’il infecté mon PC puisque désormais, n’importe quel flash disque que je branche présente les mêmes symptôme !
Merci de m’indiquer comment régler ce problème
j ai essayé avec d’autre flashs et d’autre pcs , le meme probleme , il parait que le flash infect les pcs , les pcs infectent les flashs , moi je l’utilise pour enregistrer des musiques , il y a des dossiers la plus par du temps s’enregistre sans aucun prob , mais d’autre quand j’enlève le flash et j l’ouvrir je les trouve vides ou des musiques sans supprimer et d’autre sons répéter plusieurs fois ou ne s’ouvrent pas ou ils sons remplacés par des fichiers (je les trouve pas mnt quand j enregistre un dossier soit j le trouve vide ou remplier par quelque musique qui sont pas de ce dossier originalmais je pense comme ça U¬U¬.lfm la date:06/01/2051) par fois je peux les effacer par fois nn
merci ..
Anonyme
4 septembre 2013 à 6 h 13 min
Nombre d'articles : 0
#171530
Hello ,
:welcome:
C’est toi qui vient du forum Comment ça marche.net 🙂
Je colle ton lien de discussion là-bas pour les autres Helper : http://www.commentcamarche.net/forum/affich-28600434-aider-moi-a-trouver-une-solution-pour-desinfecter-mon-flash#top” onclick=”window.open(this.href);return false;
Ils sont étranges ces symptômes. Mais c’est pas la première fois que j’en entend parler.
Relance UsbFix avec les flash disk “infectés” connecté , choisi l’option Listing.
Fais moi ensuite parvenir le rapport dans ta prochaine réponse en utilisant le BBCode Spoiler stp 😉
@ Te lire
kazanastra
4 septembre 2013 à 23 h 47 min
Nombre d'articles : 0
#171529
saluut ouii oui c’est moi , en fait merci bien et je veux dire que mon pc s’arrête parfois (écran bleu écriture blanche)
[spoiler:1a98ba40]############################## | UsbFix V 7.133 | [Listing]
Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 27/08/2013 par El Desaparecido
Lancé à 00:42:37 | 05/09/2013
Site Web: https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: https://www.sosvirus.net/viewtopic.php?f=6&t=489” onclick=”window.open(this.href);return false;
Contact: eldesaparecido@sosvirus.net
PC: TOSHIBA (Satellite c855) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2500)
RAM -> [Total : 6104 | Free : 3341]
BIOS: InsydeH2O Version 03.72.011.50
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16660
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C: (%systemdrive%) -> Disque fixe # 450 Go (325 Go libre(s) – 72%) [] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 4 Go (2 Go libre(s) – 57%) [] # FAT32
################## | Listing |
[19/05/2013 – 00:36:11 | SHD ] C:$Recycle.Bin
[01/09/2013 – 07:32:28 | D ] C:AdwCleaner
[26/08/2013 – 22:34:51 | RASHD ] C:Autorun.inf
[28/08/2013 – 18:41:46 | A | 2691] C:bdlog.txt
[15/03/2012 – 20:26:46 | SHD ] C:Boot
[21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
[15/03/2012 – 20:26:49 | N | 8192] C:BOOTSECT.BAK
[11/01/2013 – 14:17:16 | D ] C:c60592a295c769f4d1820b14e0f0d2
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[19/05/2013 – 15:04:24 | D ] C:EasyPHP
[04/09/2013 – 04:14:52 | ASH | 4800225280] C:hiberfil.sys
[10/11/2012 – 08:25:46 | D ] C:IDE
[07/04/2012 – 16:58:15 | D ] C:Intel
[10/11/2012 – 08:24:40 | RHD ] C:MSOCache
[04/09/2013 – 04:14:52 | ASH | 6400303104] C:pagefile.sys
[02/09/2013 – 17:55:08 | A | 512] C:PhysicalDisk0_MBR.bin
[28/08/2013 – 02:27:54 | D ] C:Program Files
[01/09/2013 – 12:54:21 | D ] C:Program Files (x86)
[01/09/2013 – 12:54:22 | HD ] C:ProgramData
[01/09/2013 – 16:27:10 | D ] C:Sounds
[03/09/2013 – 18:59:02 | SHD ] C:System Volume Information
[16/05/2013 – 09:44:46 | D ] C:temp
[28/06/2012 – 11:12:04 | D ] C:Toshiba
[05/09/2013 – 00:42:38 | D ] C:UsbFix
[26/08/2013 – 22:33:21 | N | 12060] C:UsbFix [Clean 3] USER-TOSH.txt
[26/08/2013 – 22:35:03 | N | 2944] C:UsbFix [Listing 1 ] USER-TOSH.txt
[05/09/2013 – 00:42:38 | A | 2362] C:UsbFix [Listing 2 ] USER-TOSH.txt
[25/08/2013 – 23:35:12 | N | 10964] C:UsbFix [Scan 1] USER-TOSH.txt
[26/08/2013 – 22:21:47 | N | 10191] C:UsbFix [Scan 2] USER-TOSH.txt
[28/08/2013 – 01:36:31 | A | 10853] C:UsbFix [Scan 5] USER-TOSH.txt
[30/08/2013 – 02:24:24 | A | 9829] C:UsbFix [Scan 6] USER-TOSH.txt
[19/05/2013 – 00:37:41 | D ] C:Users
[04/09/2013 – 04:14:52 | D ] C:Windows
[03/09/2013 – 00:51:52 | D ] C:ZHP
[19/04/2013 – 12:52:02 | A | 3332838] F:Project X soundtrack – Beamer Benz Or Bentley.mp3
[19/06/2013 – 14:20:10 | A | 3438289] F:YP Bitches Money Weed (BMW).mp3
[21/01/2013 – 21:13:58 | D ] F:lil wayn
[01/09/2013 – 14:51:50 | D ] F:Booba
[20/08/2013 – 11:32:34 | D ] F:la fouine
[01/09/2013 – 17:28:44 | D ] F:emino
[02/05/2011 – 07:41:08 | A | 5113785] F:eminem – superman.mp3
[20/08/2012 – 01:53:56 | A | 4489258] F:eminen_lose your self .mp3
[26/12/2012 – 02:08:54 | A | 2778741] F:SEFYU – MOLOTOV 4.mp3
[01/01/2013 – 05:14:20 | A | 3621230] F:Sefyu – Turbo.mp3
[27/02/2012 – 12:52:50 | A | 4619316] F:Wiz Khalifa – Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J T-Pain – YouTube.flv.MP3
[19/08/2013 – 15:17:12 | D ] F:best of trance
[01/09/2013 – 17:41:58 | D ] F:deep
[06/11/2012 – 23:18:34 | A | 3245442] F:Lee Foss & MK feat. Anabel Englund – Electricity.mp3
[20/03/2013 – 23:12:14 | A | 3349138] F:Lana Del Rey – Summertime Sadness (Lee Foss & MK Remix).mp3
[03/09/2012 – 23:39:48 | A | 4524293] F:Phonique- Our Time Our Chance (feat. Ian Whitelaw) (Official music video).mp3
[31/05/2013 – 00:41:54 | A | 7677088] F:Tennis – Make It Good (Larry Heard Vocal Remix).mp3
[20/10/2012 – 16:12:10 | A | 5726014] F:Otto Knows – Million Voices (Original Mix) FULL VERSION.mp3
[24/12/2010 – 18:15:36 | A | 6141649] F:Yeah Yeah Yeahs – Heads Will Roll (A-Trak Remix) [BO Projet X HQ].mp3
[23/08/2012 – 02:27:04 | A | 6175335] F:Phonique – Feel What You Want Feat. Rebecca.mp3
[01/10/2012 – 00:16:46 | A | 9059297] F:Top 10 Female Vocal Trance.mp3
[01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3
################## | E.O.F |[/spoiler:1a98ba40]
Anonyme
5 septembre 2013 à 6 h 53 min
Nombre d'articles : 0
#171531
Hello ,
C’est plutôt étrange ton affaire ;(
J’ai placé mon flash disque sur un autre PC. Depuis, quand j’enregistre des fichiers sur disque amovible quelqu’un se transforme en d’autre fichiers nommé par des symboles et de date de création bizarres (exp:01/09/ 2051) .
Quand je regarde les fichiers et dossier contenu dans le lecteur F on a :
[19/04/2013 – 12:52:02 | A | 3332838] F:Project X soundtrack – Beamer Benz Or Bentley.mp3
[19/06/2013 – 14:20:10 | A | 3438289] F:YP Bitches Money Weed (BMW).mp3
[21/01/2013 – 21:13:58 | D ] F:lil wayn
[01/09/2013 – 14:51:50 | D ] F:Booba
[20/08/2013 – 11:32:34 | D ] F:la fouine
[01/09/2013 – 17:28:44 | D ] F:emino
[02/05/2011 – 07:41:08 | A | 5113785] F:eminem – superman.mp3
[20/08/2012 – 01:53:56 | A | 4489258] F:eminen_lose your self .mp3
[26/12/2012 – 02:08:54 | A | 2778741] F:SEFYU – MOLOTOV 4.mp3
[01/01/2013 – 05:14:20 | A | 3621230] F:Sefyu – Turbo.mp3
[27/02/2012 – 12:52:50 | A | 4619316] F:Wiz Khalifa – Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J T-Pain – YouTube.flv.MP3
[19/08/2013 – 15:17:12 | D ] F:best of trance
[01/09/2013 – 17:41:58 | D ] F:deep
[06/11/2012 – 23:18:34 | A | 3245442] F:Lee Foss & MK feat. Anabel Englund – Electricity.mp3
[20/03/2013 – 23:12:14 | A | 3349138] F:Lana Del Rey – Summertime Sadness (Lee Foss & MK Remix).mp3
[03/09/2012 – 23:39:48 | A | 4524293] F:Phonique- Our Time Our Chance (feat. Ian Whitelaw) (Official music video).mp3
[31/05/2013 – 00:41:54 | A | 7677088] F:Tennis – Make It Good (Larry Heard Vocal Remix).mp3
[20/10/2012 – 16:12:10 | A | 5726014] F:Otto Knows – Million Voices (Original Mix) FULL VERSION.mp3
[24/12/2010 – 18:15:36 | A | 6141649] F:Yeah Yeah Yeahs – Heads Will Roll (A-Trak Remix) [BO Projet X HQ].mp3
[23/08/2012 – 02:27:04 | A | 6175335] F:Phonique – Feel What You Want Feat. Rebecca.mp3
[01/10/2012 – 00:16:46 | A | 9059297] F:Top 10 Female Vocal Trance.mp3
[01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3
Donc toi tu ne vois pas ces fichiers et dossiers ?
Si c’est bien ça , va dans menu démarrer -> ordinateur -> clic sur le disque F pour l’ouvrir. Ensuite fais une capture du contenu.
Fais moi parvenir cette capture via SosUpload : https://antimalware.top/” onclick=”window.open(this.href);return false;
Ensuite fais un clic droit sur l’un de ces fichiers “bizarre”, choisi propriété , fais une capture de l’onglet général et de l’onglet détails. Transmet moi également ces deux captures via SosUpload 🙂
@Te lire
kazanastra
6 septembre 2013 à 0 h 23 min
Nombre d'articles : 0
#171528
ouii ouii , voila ce dossier nrml il contient des musiques mais voila ce qu il contient ( je pense qu il y a d autres fichiers comme selui la mais j l ai effacer)
https://antimalware.top/images/2013/09/06/Sans_titre4.png” onclick=”window.open(this.href);return false;
https://antimalware.top/images/2013/09/06/Sans_titre3.png” onclick=”window.open(this.href);return false;
https://antimalware.top/images/2013/09/06/Sans_titre2.png” onclick=”window.open(this.href);return false;
@ +
Anonyme
9 septembre 2013 à 6 h 43 min
Nombre d'articles : 0
#171532
Hello ,
Milles excuses, je n’avais pas vu que tu avais répondu 🙁
Je vais demander l’avis d’un autre helper Evasion60 🙂
@ plus tard.
Evasion60
Participant
9 septembre 2013 à 7 h 42 min
Nombre d'articles : 1557
#171533
:hello: Bonjour
A la lecture des deux sujets, ici SoSVirus & CCM :
Je pense que c’est le PC qui réinjecte des infections sur ton disque dur USB !
/! Peux-tu me confirmer, comme tu as écrit =>
J’ai formaté mon disque dur USB, et cela est revenu
Branche ton disque dur USB, sans l’ouvrir
Passe cet outil =>
- Télécharge OTL (by OldTimer) sur ton bureau.
  ~ Comment Télécharger sur son Bureau ?
- Lance OTL, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista
- Coche les cases suivantes :
  Tous les utilisateurs
  Recherche Lop
  Recherche Purity
  Avec Analyses 64 bit Uniquement pour les systèmes en 64 bit
- Copie et colle le Script dans le lien ci dessous dans la partie inférieure d’OTL “Personnalisation”
  [glow=red:3osqp121]~ Le Script à copier est[/glow:3osqp121] >> ici <<
- Clique sur Analyse
- Une fois le scan terminé 1 ou 2 rapports vont s’ouvrir OTL.txt et Extras.txt.
- Héberge les rapports OTL.txt et Extras.txt sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum
  Note : Au cas où, tu peux les retrouver dans le dossier C:OTL ou sur ton bureau en fonction des cas rencontrés
Reviens avec une réponse à ma question & les deux rapports demandés avec OTL 😉
kazanastra
10 septembre 2013 à 23 h 28 min
Nombre d'articles : 0
#171534
merci bien , sosupload ne peux pas heberger mes rapports …
https://forums-fec.be/upload/www/?a=d&i=6893683567” onclick=”window.open(this.href);return false;
https://forums-fec.be/upload/www/?a=d&i=7668009952” onclick=”window.open(this.href);return false;
@ +
Evasion60
Participant
18 septembre 2013 à 7 h 44 min
Nombre d'articles : 1557
#171535
:hello: Bonjour kazanastra
Toutes mes excuses pour ce retard de réponse
J’ai oublié de basculer ton sujet à mon pseudo, donc une notification eMail que je n’ai pas vu/lu !
Je regarde tes deux logs OTL dans la journée 😉

Evasion60

Participant

18 septembre 2013 à 8 h 59 min

Nombre d'articles : 1557

#171536

:hello: Re

/! Pas du tout évident, car nbreux inutiles, mais pas vraiment d’infections !
Par contre, il y a des erreurs disque dur

Lance OTL, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista

Coche les cases suivantes :
- Tous les utilisateurs
- Rapport minimal

Copie et colle le Script Helper dans la partie inférieure d’OTL “Personnalisation”

:OTL

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = Reg Error: Value error.

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC    => Toolbar.Bing

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF64_11_7_700_224.dll File not found

FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll ()    => WildTangent Games

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)    => Toolbar.Google

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found

O3 - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found

O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:windowssystem32GPhotos.scr/200 File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2013/08/28 02:27:54 | 000,000,000 | ---D | C] -- C:Program FilesBitdefender

[2013/08/28 02:17:27 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesBitdefender

[2013/09/10 22:59:02 | 000,000,964 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job    => Facebook Update Task User

[2013/09/10 22:46:00 | 000,000,924 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job    => Facebook Update Task User

[2013/09/10 19:59:01 | 000,000,942 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job    => Facebook Update Task User

[2013/09/10 19:46:00 | 000,000,902 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job    => Facebook Update Task User

[2013/08/27 01:23:47 | 000,005,120 | -HS- | M] () -- C:windowssystem32configsystemprofileNtUser.dat.LOG1    => Fichiers de rapport (Log)

[2013/08/27 01:23:47 | 000,000,000 | -HS- | M] () -- C:windowssystem32configsystemprofileNtUser.dat.LOG2    => Fichiers de rapport (Log)

[2013/09/01 08:53:59 | 000,118,378 | ---- | M] () -- C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log    => Fichiers de rapport (Log)

[2012/11/30 19:41:37 | 000,000,902 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job    => Facebook Update Task User

[2012/11/30 19:41:38 | 000,000,924 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job    => Facebook Update Task User

[2013/06/09 19:54:14 | 000,000,942 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job    => Facebook Update Task User

[2013/06/09 19:54:15 | 000,000,964 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job    => Facebook Update Task User

CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

"{4DABD610-3B48-4571-A458-6828314BC363}" = protocol=17 | dir=in | app=c:program files (x86)goforfilesgoforfilesdl.exe |    => Peer2Peer.GoforFiles

"{5FA31665-3E66-4220-85A5-0C9BA627A14D}" = protocol=6 | dir=in | app=c:program files (x86)goforfilesgoforfilesdl.exe |    => Peer2Peer.GoforFiles

"{AA963096-F3BC-4368-BAA0-7E239935E4A4}" = protocol=6 | dir=in | app=c:program files (x86)utorrentutorrent.exe |    => P2P.µTorrent*

"{AEF5129C-0FC3-4689-B079-5A405AE5F8F2}" = protocol=17 | dir=in | app=c:program files (x86)utorrentutorrent.exe |    => P2P.µTorrent*

"{C6D80F91-5525-40DC-A9DA-CE1E2178ED30}" = protocol=6 | dir=in | app=c:program files (x86)utorrentutorrent.exe |    => P2P.µTorrent*

"{C9C9FB32-734D-43F5-A330-24F763A9F2A0}" = protocol=17 | dir=in | app=c:program files (x86)utorrentutorrent.exe |    => P2P.µTorrent*

"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30    => Oracle

:Commands

[emptytemp]

[emptyflash]

[purity]

[reboot]

[resethost]

[CREATERESTOREPOINT]

Clique sur Correction

OTL peut te demander de redémarrer, si c’est le cas fait le immédiatement !

Une fois le scan terminé 1 rapport va s’ouvrir ¤¤¤¤¤¤¤¤¤¤¤.log.

Copie et colle le contenu du rapport sur le forum.
Note : Au cas où, tu peux les retrouver dans le dossier C:OTL ou sur ton bureau en fonction des cas rencontrés

A te lire avec son rapport 😉

kazanastra
9 octobre 2013 à 21 h 22 min
Nombre d'articles : 0
#171540
OTL logfile created on: 10/09/2013 23:59:08 – Run 1
OTL by OldTimer – Version 3.2.69.0 Folder = C:UsersAdministrateurDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) – Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
5,96 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 52,90% Memory free
11,92 Gb Paging File | 8,05 Gb Available in Paging File | 67,50% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 449,65 Gb Total Space | 324,07 Gb Free Space | 72,07% Space Free | Partition Type: NTFS
Drive F: | 3,90 Gb Total Space | 0,79 Gb Free Space | 20,16% Space Free | Partition Type: FAT32
Computer Name: USER-TOSH | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC – File not found —
PRC – [2013/09/09 14:31:56 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
PRC – [2013/09/02 21:35:59 | 000,829,392 | —- | M] (Google Inc.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
PRC – [2013/08/30 03:41:32 | 000,356,376 | —- | M] (Kaspersky Lab ZAO) — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe
PRC – [2013/07/13 04:47:29 | 000,217,992 | —- | M] (Google Inc.) — C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe
PRC – [2013/04/04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
PRC – [2013/04/04 14:50:32 | 000,532,040 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe
PRC – [2013/04/04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
PRC – [2013/02/26 02:28:44 | 000,357,456 | —- | M] (VMware, Inc.) — C:WindowsSysWOW64vmnetdhcp.exe
PRC – [2013/02/26 02:28:26 | 000,436,304 | —- | M] (VMware, Inc.) — C:WindowsSysWOW64vmnat.exe
PRC – [2013/02/26 01:30:42 | 000,087,120 | —- | M] (VMware, Inc.) — C:Program Files (x86)VMwareVMware Playervmware-authd.exe
PRC – [2012/10/23 18:42:06 | 000,347,120 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe
PRC – [2012/10/23 18:41:44 | 001,739,760 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere.exe
PRC – [2012/10/23 18:41:41 | 000,637,936 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe
PRC – [2012/02/05 05:41:10 | 000,231,328 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeSrvUseMng.exe
PRC – [2012/02/05 05:40:56 | 000,219,048 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeSrvProvider.exe
PRC – [2012/02/04 21:47:54 | 000,251,808 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeBtMng.exe
PRC – [2012/02/04 21:16:54 | 002,824,104 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtMng.exe
PRC – [2012/01/21 00:29:26 | 000,277,784 | —- | M] (Intel Corporation) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
PRC – [2011/11/04 14:40:06 | 000,687,400 | —- | M] (Nero AG) — C:Program Files (x86)NeroUpdateNASvc.exe
PRC – [2011/08/08 21:43:00 | 000,690,072 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosA2dp.exe
PRC – [2011/08/08 21:36:00 | 000,087,960 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtHid.exe
PRC – [2011/06/06 12:55:28 | 000,064,952 | —- | M] (Adobe Systems Incorporated) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
PRC – [2011/03/14 16:27:28 | 000,236,384 | —- | M] (Huawei Technologies Co., Ltd.) — C:ProgramDataDatacardServiceDCSHelper.exe
PRC – [2011/02/03 23:18:00 | 000,742,800 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosAVRC.exe
PRC – [2010/11/21 04:25:10 | 000,164,864 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Windows Media Playerwmplayer.exe
PRC – [2010/09/07 00:18:00 | 000,746,384 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtHSP.exe
========== Modules (No Company Name) ==========
MOD – [2013/09/02 21:35:56 | 000,410,576 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66ppgooglenaclpluginchrome.dll
MOD – [2013/09/02 21:35:55 | 013,599,184 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66PepperFlashpepflashplayer.dll
MOD – [2013/09/02 21:35:54 | 004,053,456 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66pdf.dll
MOD – [2013/09/02 21:35:04 | 000,709,584 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66libglesv2.dll
MOD – [2013/09/02 21:35:03 | 000,099,792 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66libegl.dll
MOD – [2013/09/02 21:35:01 | 001,604,560 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66ffmpegsumo.dll
MOD – [2012/10/23 18:41:44 | 001,739,760 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere.exe
MOD – [2012/10/23 18:41:41 | 000,637,936 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe
MOD – [2012/10/23 18:40:44 | 000,249,344 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgMobileBroadband7.dll
MOD – [2012/10/23 18:38:48 | 000,606,208 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgCore.dll
MOD – [2012/10/23 18:38:04 | 000,204,800 | —- | M] () — C:Program Files (x86)InternetEverywhereLiveBoxCM.dll
MOD – [2012/10/23 18:37:38 | 000,073,728 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDriverInstall.dll
MOD – [2012/10/23 18:37:27 | 000,376,832 | —- | M] () — C:Program Files (x86)InternetEverywhereWTGSMSPCClient.dll
MOD – [2012/10/23 18:37:18 | 000,139,264 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgBluetooth.dll
MOD – [2012/10/23 18:37:10 | 000,212,992 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDetection.dll
MOD – [2012/10/23 18:36:57 | 000,126,976 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgWiFi.dll
MOD – [2012/10/23 18:36:46 | 000,081,920 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDialup.dll
MOD – [2012/10/23 18:36:29 | 000,102,400 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDatabase.dll
MOD – [2012/10/23 18:36:22 | 000,159,744 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgPorts.dll
MOD – [2012/10/23 18:36:16 | 000,106,496 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgUtil.dll
MOD – [2012/10/23 18:35:54 | 000,602,112 | —- | M] () — C:Program Files (x86)InternetEverywhereWTGXMLUtil.dll
MOD – [2012/08/17 21:40:16 | 000,068,024 | —- | M] () — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013QtWebKitqmlwebkitplugin4.dll
MOD – [2012/08/17 21:38:56 | 000,479,160 | —- | M] () — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013dblite.dll
MOD – [2012/01/25 18:57:12 | 000,172,032 | —- | M] () — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosGatt.dll
MOD – [2011/11/10 08:48:48 | 001,105,920 | —- | M] () — C:Program Files (x86)InternetEverywhereNDISAPI.dll
MOD – [2007/02/27 19:44:00 | 000,823,296 | —- | M] () — C:Program Files (x86)InternetEverywherelibeay32.dll
========== Services (SafeList) ==========
SRV:64bit: – [2013/05/27 06:50:47 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] — C:Program FilesWindows DefenderMpSvc.dll — (WinDefend)
SRV:64bit: – [2012/01/20 12:27:28 | 000,235,520 | —- | M] (AMD) [Auto | Running] — C:WindowsSysNativeatiesrxx.exe — (AMD External Events Utility)
SRV:64bit: – [2011/12/16 07:16:48 | 000,583,088 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:Program FilesTOSHIBAPower SaverTosCoSrv.exe — (TosCoSrv)
SRV:64bit: – [2011/12/14 23:11:38 | 000,833,976 | —- | M] (TOSHIBA Corporation) [On_Demand | Running] — C:Program FilesTOSHIBATPHMTPCHSrv.exe — (TPCHSrv)
SRV:64bit: – [2011/11/26 02:52:36 | 000,138,152 | —- | M] (TOSHIBA Corporation) [On_Demand | Running] — C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe — (TOSHIBA HDD SSD Alert Service)
SRV:64bit: – [2011/11/24 21:20:38 | 000,294,848 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:Program FilesTOSHIBATECOTecoService.exe — (TOSHIBA eco Utility Service)
SRV:64bit: – [2010/10/20 22:41:00 | 000,138,656 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:WindowsSysNativeTODDSrv.exe — (TODDSrv)
SRV:64bit: – [2010/09/22 18:10:10 | 000,057,184 | —- | M] (Microsoft Corporation) [Disabled | Stopped] — C:Program FilesWindows LiveMeshwlcrasvc.exe — (wlcrasvc)
SRV:64bit: – [2010/09/10 01:26:34 | 000,162,824 | —- | M] () [Auto | Running] — C:WindowsSysNativeGFNEXSrv.exe — (GFNEXSrv)
SRV:64bit: – [2009/12/16 16:44:44 | 003,750,400 | —- | M] (SafeNet Inc.) [Auto | Running] — C:WindowsSysNativehasplms.exe — (hasplms)
SRV – [2013/08/30 03:41:32 | 000,356,376 | —- | M] (Kaspersky Lab ZAO) [Auto | Running] — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe — (AVP)
SRV – [2013/04/04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) [Auto | Running] — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe — (MBAMService)
SRV – [2013/04/04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) [Auto | Running] — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe — (MBAMScheduler)
SRV – [2013/02/26 02:28:44 | 000,357,456 | —- | M] (VMware, Inc.) [Auto | Running] — C:WindowsSysWOW64vmnetdhcp.exe — (VMnetDHCP)
SRV – [2013/02/26 02:28:26 | 000,436,304 | —- | M] (VMware, Inc.) [Auto | Running] — C:WindowsSysWOW64vmnat.exe — (VMware NAT Service)
SRV – [2013/02/26 01:30:42 | 000,087,120 | —- | M] (VMware, Inc.) [Auto | Running] — C:Program Files (x86)VMwareVMware Playervmware-authd.exe — (VMAuthdService)
SRV – [2012/10/23 18:42:06 | 000,347,120 | —- | M] () [Auto | Running] — C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe — (InternetEverywhere_Service)
SRV – [2012/10/11 16:15:30 | 000,918,680 | —- | M] (VMware, Inc.) [Auto | Running] — C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe — (VMUSBArbService)
SRV – [2012/07/13 13:28:36 | 000,160,944 | —- | M] (Skype Technologies) [Auto | Stopped] — C:Program Files (x86)SkypeUpdaterUpdater.exe — (SkypeUpdate)
SRV – [2012/01/21 00:29:26 | 000,277,784 | —- | M] (Intel Corporation) [Auto | Running] — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe — (LMS)
SRV – [2011/11/04 14:40:06 | 000,687,400 | —- | M] (Nero AG) [Auto | Running] — C:Program Files (x86)NeroUpdateNASvc.exe — (NAUpdate)
SRV – [2011/07/12 01:16:06 | 000,057,216 | —- | M] (TOSHIBA Corporation) [On_Demand | Stopped] — C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe — (TMachInfo)
SRV – [2011/06/06 12:55:28 | 000,064,952 | —- | M] (Adobe Systems Incorporated) [Auto | Running] — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe — (AdobeARMservice)
SRV – [2011/04/02 01:42:00 | 000,198,064 | —- | M] (TOSHIBA CORPORATION) [On_Demand | Running] — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtSrv.exe — (TOSHIBA Bluetooth Service)
SRV – [2011/03/14 16:27:34 | 000,346,976 | —- | M] () [Auto | Running] — C:ProgramDataDatacardServiceHWDeviceService64.exe — (HWDeviceService64.exe)
SRV – [2011/02/10 09:25:36 | 000,112,080 | —- | M] (Toshiba Europe GmbH) [Auto | Running] — C:Program Files (x86)Toshiba TEMPROTemproSvc.exe — (TemproMonitoringService)
SRV – [2010/10/12 18:59:12 | 000,206,072 | —- | M] (WildTangent, Inc.) [On_Demand | Stopped] — C:Program Files (x86)WildTangent GamesAppGamesAppService.exe — (GamesAppService)
SRV – [2010/03/18 13:16:28 | 000,130,384 | —- | M] (Microsoft Corporation) [Auto | Stopped] — C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe — (clr_optimization_v4.0.30319_32)
SRV – [2010/02/19 13:37:14 | 000,517,096 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe — (SwitchBoard)
SRV – [2009/06/10 22:23:09 | 000,066,384 | —- | M] (Microsoft Corporation) [Disabled | Stopped] — C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: – [2013/08/30 04:22:17 | 000,178,448 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriverskneps.sys — (kneps)
DRV:64bit: – [2013/08/30 04:22:17 | 000,054,368 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriverskltdi.sys — (kltdi)
DRV:64bit: – [2013/08/30 04:22:17 | 000,029,528 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversklmouflt.sys — (klmouflt)
DRV:64bit: – [2013/08/30 04:22:16 | 000,620,128 | —- | M] (Kaspersky Lab ZAO) [File_System | System | Running] — C:WindowsSysNativedriversklif.sys — (KLIF)
DRV:64bit: – [2013/08/30 04:22:16 | 000,029,016 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversklkbdflt.sys — (klkbdflt)
DRV:64bit: – [2013/04/30 09:51:09 | 000,040,616 | —- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriverstap0901.sys — (tap0901)
DRV:64bit: – [2013/04/15 10:50:30 | 000,127,384 | —- | M] (Power Software Ltd) [Kernel | System | Running] — C:windowsSysNativedriversscdemu.sys — (SCDEmu)
DRV:64bit: – [2013/04/04 14:50:32 | 000,025,928 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] — C:WindowsSysNativedriversmbam.sys — (MBAMProtector)
DRV:64bit: – [2013/02/26 02:28:48 | 000,067,664 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmx86.sys — (vmx86)
DRV:64bit: – [2013/02/26 02:28:14 | 000,030,800 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmnetuserif.sys — (VMnetuserif)
DRV:64bit: – [2013/02/26 02:27:48 | 000,045,720 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmnetbridge.sys — (VMnetBridge)
DRV:64bit: – [2013/02/26 02:27:44 | 000,033,360 | —- | M] (VMware, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversVMkbd.sys — (vmkbd2)
DRV:64bit: – [2013/01/01 17:11:02 | 000,422,400 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewusbwwan.sys — (ewusbmbb)
DRV:64bit: – [2012/12/25 15:37:54 | 000,223,232 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewusbmdm.sys — (hwdatacard)
DRV:64bit: – [2012/12/25 15:37:54 | 000,117,248 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversew_hwusbdev.sys — (ew_hwusbdev)
DRV:64bit: – [2012/12/25 15:37:54 | 000,098,304 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jucdcacm.sys — (huawei_cdcacm)
DRV:64bit: – [2012/12/25 15:37:54 | 000,087,040 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jubusenum.sys — (huawei_enumerator)
DRV:64bit: – [2012/12/25 15:37:54 | 000,072,192 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jucdcecm.sys — (huawei_cdcecm)
DRV:64bit: – [2012/12/25 15:37:54 | 000,028,672 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_juextctrl.sys — (huawei_ext_ctrl)
DRV:64bit: – [2012/12/25 15:37:54 | 000,013,952 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_usbenumfilter.sys — (ew_usbenumfilter)
DRV:64bit: – [2012/11/30 17:35:28 | 000,112,896 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewsercd.sys — (ewsercd)
DRV:64bit: – [2012/10/24 14:17:14 | 000,070,296 | —- | M] (VMware, Inc.) [Kernel | Boot | Running] — C:WindowsSysNativedriversvsock.sys — (vsock)
DRV:64bit: – [2012/10/24 14:17:10 | 000,085,104 | —- | M] (VMware, Inc.) [Kernel | Boot | Running] — C:WindowsSysNativedriversvmci.sys — (vmci)
DRV:64bit: – [2012/10/11 16:15:32 | 000,052,376 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedrivershcmon.sys — (hcmon)
DRV:64bit: – [2012/10/11 16:15:06 | 000,037,680 | —- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversvmusb.sys — (vmusb)
DRV:64bit: – [2012/08/02 15:09:34 | 000,028,504 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriversklim6.sys — (KLIM6)
DRV:64bit: – [2012/06/29 20:39:02 | 000,004,608 | —- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversvncmirror.sys — (vncmirror)
DRV:64bit: – [2012/06/19 17:28:12 | 000,458,584 | —- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] — C:WindowsSysNativedriverskl1.sys — (kl1)
DRV:64bit: – [2012/03/01 07:46:16 | 000,023,408 | —- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] — C:windowsSysNativedriversfs_rec.sys — (Fs_Rec)
DRV:64bit: – [2012/01/30 22:14:00 | 000,304,696 | —- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfbd.sys — (tosrfbd)
DRV:64bit: – [2012/01/20 12:53:32 | 010,731,520 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversatikmdag.sys — (amdkmdag)
DRV:64bit: – [2012/01/20 11:34:36 | 000,328,192 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversatikmpag.sys — (amdkmdap)
DRV:64bit: – [2012/01/17 01:20:38 | 001,082,472 | —- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversrtwlane.sys — (RTL8192Ce)
DRV:64bit: – [2012/01/05 21:42:32 | 000,021,096 | —- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRtkBtfilter.sys — (RtkBtFilter)
DRV:64bit: – [2012/01/05 11:58:50 | 000,786,200 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversiusb3xhc.sys — (iusb3xhc)
DRV:64bit: – [2012/01/05 11:58:50 | 000,355,096 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversiusb3hub.sys — (iusb3hub)
DRV:64bit: – [2012/01/05 11:58:50 | 000,016,152 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversiusb3hcs.sys — (iusb3hcs)
DRV:64bit: – [2011/12/19 20:15:10 | 000,411,920 | —- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversSynTP.sys — (SynTP)
DRV:64bit: – [2011/12/17 01:24:00 | 000,079,040 | —- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfusb.sys — (Tosrfusb)
DRV:64bit: – [2011/12/01 11:42:44 | 000,072,240 | —- | M] (Nero AG) [Kernel | Boot | Running] — C:WindowsSysNativedriversNBVol.sys — (NBVol)
DRV:64bit: – [2011/12/01 11:42:44 | 000,015,920 | —- | M] (Nero AG) [Kernel | Boot | Running] — C:WindowsSysNativedriversNBVolUp.sys — (NBVolUp)
DRV:64bit: – [2011/11/30 03:40:32 | 000,568,600 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversiaStor.sys — (iaStor)
DRV:64bit: – [2011/11/10 09:04:14 | 000,060,184 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversHECIx64.sys — (MEIx64)
DRV:64bit: – [2011/10/17 20:40:50 | 000,093,712 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversAtihdW76.sys — (AtiHDAudioService)
DRV:64bit: – [2011/08/24 05:57:24 | 000,565,352 | —- | M] (Realtek ) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRt64win7.sys — (RTL8167)
DRV:64bit: – [2011/08/17 22:27:06 | 000,251,496 | —- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRtsUStor.sys — (RSUSBSTOR)
DRV:64bit: – [2011/03/18 23:03:18 | 000,482,384 | —- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriverstos_sps64.sys — (tos_sps64)
DRV:64bit: – [2011/03/11 07:41:12 | 000,107,904 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversamdsata.sys — (amdsata)
DRV:64bit: – [2011/03/11 07:41:12 | 000,027,008 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] — C:WindowsSysNativedriversamdxata.sys — (amdxata)
DRV:64bit: – [2011/02/09 03:07:00 | 000,038,096 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversPGEffect.sys — (PGEffect)
DRV:64bit: – [2010/11/29 19:47:00 | 000,082,224 | —- | M] (TOSHIBA Corporation) [Kernel | System | Running] — C:WindowsSysNativedriverstosrfcom.sys — (Tosrfcom)
DRV:64bit: – [2010/11/21 04:24:33 | 000,059,392 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTsUsbFlt.sys — (TsUsbFlt)
DRV:64bit: – [2010/11/21 04:23:47 | 000,078,720 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversHpSAMD.sys — (HpSAMD)
DRV:64bit: – [2010/11/21 04:23:47 | 000,031,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTsUsbGD.sys — (TsUsbGD)
DRV:64bit: – [2010/11/11 18:27:00 | 000,050,864 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfbnp.sys — (tosrfbnp)
DRV:64bit: – [2010/08/30 18:48:00 | 000,094,528 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversTosrfhid.sys — (Tosrfhid)
DRV:64bit: – [2010/06/19 00:45:00 | 000,018,872 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfec.sys — (tosrfec)
DRV:64bit: – [2010/04/26 19:48:00 | 000,063,488 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTosRfSnd.sys — (TosRfSnd)
DRV:64bit: – [2009/09/23 02:46:18 | 000,066,304 | —- | M] (Microsoft Corporation) [Kernel | System | Running] — C:WindowsSysNativedriversvpcnfltr.sys — (vpcnfltr)
DRV:64bit: – [2009/09/23 02:46:17 | 000,359,552 | —- | M] (Microsoft Corporation) [Kernel | System | Running] — C:WindowsSysNativedriversvpcvmm.sys — (vpcvmm)
DRV:64bit: – [2009/09/23 02:32:39 | 000,095,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversvpcusb.sys — (vpcusb)
DRV:64bit: – [2009/09/23 02:32:33 | 000,187,904 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversvpchbus.sys — (vpcbus)
DRV:64bit: – [2009/09/21 08:07:26 | 000,071,040 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedriversaksdf.sys — (aksdf)
DRV:64bit: – [2009/08/20 07:02:06 | 000,130,816 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedriversaksfridge.sys — (aksfridge)
DRV:64bit: – [2009/07/31 04:22:04 | 000,027,784 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstdcmdpst.sys — (tdcmdpst)
DRV:64bit: – [2009/07/24 19:33:00 | 000,026,472 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfnds.sys — (tosrfnds)
DRV:64bit: – [2009/07/15 00:31:18 | 000,026,840 | —- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversTVALZ_O.SYS — (TVALZ)
DRV:64bit: – [2009/07/14 02:52:20 | 000,194,128 | —- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversamdsbs.sys — (amdsbs)
DRV:64bit: – [2009/07/14 02:48:04 | 000,065,600 | —- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriverslsi_sas2.sys — (LSI_SAS2)
DRV:64bit: – [2009/07/14 02:45:55 | 000,024,656 | —- | M] (Promise Technology) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversstexstor.sys — (stexstor)
DRV:64bit: – [2009/07/14 01:10:47 | 000,011,264 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversrootmdm.sys — (ROOTMODEM)
DRV:64bit: – [2009/06/20 03:15:22 | 000,014,472 | —- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] — C:WindowsSysNativedriversTVALZFL.sys — (TVALZFL)
DRV:64bit: – [2009/06/17 20:01:00 | 000,054,664 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosporte.sys — (tosporte)
DRV:64bit: – [2009/06/10 21:34:33 | 003,286,016 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversevbda.sys — (ebdrv)
DRV:64bit: – [2009/06/10 21:34:28 | 000,468,480 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversbxvbda.sys — (b06bdrv)
DRV:64bit: – [2009/06/10 21:34:23 | 000,270,848 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversb57nd60a.sys — (b57nd60a)
DRV:64bit: – [2009/06/10 21:31:59 | 000,031,232 | —- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedrivershcw85cir.sys — (hcw85cir)
DRV:64bit: – [2009/03/13 10:55:38 | 000,318,464 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedrivershardlock.sys — (hardlock)
DRV – [2013/01/01 17:11:03 | 000,098,304 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jucdcacm.sys — (huawei_cdcacm)
DRV – [2013/01/01 17:11:03 | 000,087,040 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jubusenum.sys — (huawei_enumerator)
DRV – [2013/01/01 17:11:03 | 000,072,192 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jucdcecm.sys — (huawei_cdcecm)
DRV – [2013/01/01 17:11:03 | 000,028,672 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_juextctrl.sys — (huawei_ext_ctrl)
DRV – [2013/01/01 17:11:03 | 000,013,952 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_usbenumfilter.sys — (ew_usbenumfilter)
DRV – [2013/01/01 17:11:02 | 000,422,400 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbwwan.sys — (ewusbmbb)
DRV – [2013/01/01 17:11:02 | 000,274,944 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbnet.sys — (ewusbnet)
DRV – [2013/01/01 17:11:02 | 000,223,232 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbmdm.sys — (hwdatacard)
DRV – [2013/01/01 17:11:02 | 000,117,248 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversew_hwusbdev.sys — (ew_hwusbdev)
DRV – [2009/07/14 02:19:10 | 000,019,008 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] — C:WindowsSysWOW64driverswimmount.sys — (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
IE:64bit: – HKLM..SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
IE:64bit: – HKLM..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q=” onclick=”window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search bar = http://search.msn.com/spbasic.htm” onclick=”window.open(this.href);return false;
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = Reg Error: Value error.
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
IE – HKLM..URLSearchHook: – No CLSID value found
IE – HKLM..SearchScopes,DefaultScope =
IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q=” onclick=”window.open(this.href);return false;{searchTerms}&FORM=IE8SRC
IE – HKLM..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q=” onclick=”window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE – HKU.DEFAULT..SearchScopes,DefaultScope =
IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
IE – HKUS-1-5-18..SearchScopes,DefaultScope =
IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
IE – HKUS-1-5-19..SearchScopes,DefaultScope =
IE – HKUS-1-5-20..SearchScopes,DefaultScope =
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes${searchCLSID}: “URL” = http://search.live.com/results.aspx?q=” onclick=”window.open(this.href);return false;{searchTerms}&src={referrer:source?}
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q=” onclick=”window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_frTN490
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF:64bit: – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF64_11_7_700_224.dll File not found
FF:64bit: – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll ()
FF – HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:windowsSysWOW64AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.)
FF – HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)
FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@Nero.com/KM: C:PROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL (Nero AG)
FF – HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=15.0.6.14: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprpplugin;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll (RealPlayer)
FF – HKLMSoftwareMozillaPlugins@richmediaplayer.com/nppluginrichmediaplayer: C:Program Files (x86)Mozilla Firefoxpluginsnppluginrichmediaplayer.dll ()
FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
FF – HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.4: C:Program Files (x86)VideoLANVLCnpvlc.dll (VideoLAN)
FF – HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll ()
FF – HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF – HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:UsersAdministrateurAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)
FF – HKCUSoftwareMozillaPlugins@unity3d.com/UnityPlayer,version=1.0: C:UsersAdministrateurAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{0153E448-190B-4987-BDE1-F256CADA672F}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/12/08 17:23:23 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsFirefox{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/28 18:51:18 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\url_advisor@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExturl_advisor@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\virtual_keyboard@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExtvirtual_keyboard@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\content_blocker@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExtcontent_blocker@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
[2013/01/03 18:45:41 | 000,000,000 | —D | M] (No name found) — C:Program Files (x86)Mozilla Firefoxextensions
[2013/03/12 09:27:46 | 000,093,976 | —- | M] () — C:Program Files (x86)mozilla firefoxpluginsnppluginrichmediaplayer.dll
========== Chrome ==========
CHR – default_search_provider: google (Enabled)
CHR – default_search_provider: search_url = http://www.google.fr/search?q=” onclick=”window.open(this.href);return false;{searchTerms}
CHR – default_search_provider: suggest_url =
CHR – plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66PepperFlashpepflashplayer.dll
CHR – plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR – plugin: Native Client (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66ppGoogleNaClPluginChrome.dll
CHR – plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66pdf.dll
CHR – plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll
CHR – plugin: Nero Kwik Media Helper (Enabled) = C:PROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL
CHR – plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll
CHR – plugin: Picasa (Enabled) = C:Program Files (x86)GooglePicasa3npPicasa3.dll
CHR – plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll
CHR – plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll
CHR – plugin: PluginRichmediaplayer (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnppluginrichmediaplayer.dll
CHR – plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll
CHR – plugin: RealJukebox NS Plugin (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll
CHR – plugin: RealPlayer Download Plugin (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll
CHR – plugin: VLC Web Plugin (Enabled) = C:Program Files (x86)VideoLANVLCnpvlc.dll
CHR – plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll
CHR – plugin: Windows Liveu0099 Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll
CHR – plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll
CHR – plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll
CHR – plugin: Unity Player (Enabled) = C:UsersAdministrateurAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll
CHR – plugin: Facebook Video Calling Plugin (Enabled) = C:UsersAdministrateurAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll
CHR – plugin: Shockwave for Director (Enabled) = C:windowsSysWOW64AdobeDirectornp32dsw_1202122.dll
CHR – plugin: Shockwave Flash (Enabled) = C:windowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll
CHR – plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll
CHR – Extension: Documents Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake.0.0.6_0
CHR – Extension: Documents Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake.5_0
CHR – Extension: Googleu00A0Drive = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.2_0
CHR – Extension: Googleu00A0Drive = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0
CHR – Extension: YouTube = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0
CHR – Extension: YouTube = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0
CHR – Extension: Recherche Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf.0.0.19_0
CHR – Extension: Recherche Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf.0.0.20_0
CHR – Extension: Kaspersky URL Advisor = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsdchlnpcodkpfdpacogkljefecpegganj13.0.1.4190_0
CHR – Extension: Download Video = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsdoagiokpgboiomffjfhaiimafndmmpni1.3.1_0
CHR – Extension: RealPlayer HTML5Video Downloader Extension = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0
CHR – Extension: RealPlayer HTML5Video Downloader Extension = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_1
CHR – Extension: Chrome In-App Payments service = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda.0.4.10_0
CHR – Extension: Chrome In-App Payments service = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda.0.4.10_1
CHR – Extension: Gmail = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0
CHR – Extension: Gmail = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_1
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | —- | M]) – C:WindowsSysNativedriversetchosts
O2:64bit: – BHO: (Content Blocker Plugin) – {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtContentBlockerie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: – BHO: (Virtual Keyboard Plugin) – {73455575-E40C-433C-9784-C78DC7761455} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: – BHO: (Google Toolbar Helper) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O2:64bit: – BHO: (URL Advisor Plugin) – {E33CF602-D945-461A-83F0-819F76A199F8} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: – BHO: (TOSHIBA Media Controller Plug-in) – {F3C88694-EFFA-4d78-B409-54B7B2535B14} – C:Program Files (x86)TOSHIBATOSHIBA Media Controller Plug-inx64TOSHIBAMediaControllerIE.dll ()
O2 – BHO: (RealPlayer Download and Record Plugin for Internet Explorer) – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
O2 – BHO: (Content Blocker Plugin) – {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtContentBlockerie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 – BHO: (Virtual Keyboard Plugin) – {73455575-E40C-433C-9784-C78DC7761455} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 – BHO: (Java(tm) Plug-In SSV Helper) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)
O2 – BHO: (Rich Media Downloader) – {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIERichMediaDownloader.dll (Radiocom CJSC)
O2 – BHO: (Google Toolbar Helper) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
O2 – BHO: (URL Advisor Plugin) – {E33CF602-D945-461A-83F0-819F76A199F8} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O2 – BHO: (TOSHIBA Media Controller Plug-in) – {F3C88694-EFFA-4d78-B409-54B7B2535B14} – C:Program Files (x86)TOSHIBATOSHIBA Media Controller Plug-inTOSHIBAMediaControllerIE.dll ()
O2 – BHO: (Rich Media Player) – {FEB703F7-E7B2-4AB0-9566-87658AC70095} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIEPluginRichmediaplayer.dll ()
O3:64bit: – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
O3 – HKLM..Toolbar: (Google Toolbar) – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
O3 – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
O4:64bit: – HKLM..Run: [] File not found
O4:64bit: – HKLM..Run: [AdobeAAMUpdater-1.0] C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: – HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)
O4:64bit: – HKLM..Run: [SRS Premium Sound HD] C:Program FilesSRS LabsSRS Control PanelSRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: – HKLM..Run: [TCrdMain] C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [Teco] C:Program FilesTOSHIBATECOTeco.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [Toshiba Registration] C:Program FilesTOSHIBARegistrationToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: – HKLM..Run: [Toshiba TEMPRO] C:Program Files (x86)Toshiba TEMPROTemproTray.exe (Toshiba Europe GmbH)
O4:64bit: – HKLM..Run: [TosSENotify] C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [TosVolRegulator] C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [TosWaitSrv] C:Program FilesTOSHIBATPHMTosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [TPwrMain] C:Program FilesTOSHIBAPower SaverTPwrMain.exe (TOSHIBA Corporation)
O4 – HKLM..Run: [AdobeCS6ServiceManager] C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe (Adobe Systems Incorporated)
O4 – HKLM..Run: [AVP] C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe (Kaspersky Lab ZAO)
O4 – HKLM..Run: [NBAgent] C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe (Nero AG)
O4 – HKLM..Run: [StartCCC] C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe (Advanced Micro Devices, Inc.)
O4 – HKLM..Run: [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)
O4 – HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerupdaterealsched.exe (RealNetworks, Inc.)
O4 – HKU.DEFAULT..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-18..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-19..Run: [Sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)
O4 – HKUS-1-5-19..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-20..Run: [Sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)
O4 – HKUS-1-5-20..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-21-3799678134-1094475672-2913924675-500..Run: [Facebook Update] C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe (Facebook Inc.)
O4 – HKUS-1-5-21-3799678134-1094475672-2913924675-500..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
O4 – HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
O4 – Startup: C:UsersDefaultAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
O4 – Startup: C:UsersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
O4 – Startup: C:UsersInvitéAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 3
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1
O7 – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
O7 – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 3
O8:64bit: – Extra context menu item: Add to Google Photos Screensa&ver – res://C” onclick=”window.open(this.href);return false;:windowssystem32GPhotos.scr/200 File not found
O8 – Extra context menu item: Add to Google Photos Screensa&ver – C:windowsSysWow64GPhotos.scr (Google Inc.)
O9:64bit: – Extra Button: Virtual Keyboard – {0C4CC089-D306-440D-9772-464E226F6539} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: – Extra Button: URLs check – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O9 – Extra Button: Virtual Keyboard – {0C4CC089-D306-440D-9772-464E226F6539} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 – Extra Button: Rich Media Downloader – {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIERichMediaDownloader.dll (Radiocom CJSC)
O9 – Extra Button: URLs check – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: – Protocol_Catalog9Catalog_Entries6400000000012 – C:WindowsSysNativevsocklib.dll (VMware, Inc.)
O10:64bit: – Protocol_Catalog9Catalog_Entries6400000000013 – C:WindowsSysNativevsocklib.dll (VMware, Inc.)
O10 – Protocol_Catalog9Catalog_Entries00000000012 – C:WindowsSysWOW64vsocklib.dll (VMware, Inc.)
O10 – Protocol_Catalog9Catalog_Entries00000000013 – C:WindowsSysWOW64vsocklib.dll (VMware, Inc.)
O1364bit: – gopher Prefix: missing
O13 – gopher Prefix: missing
O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab” onclick=”window.open(this.href);return false; (Java Plug-in 1.6.0_30)
O16 – DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab” onclick=”window.open(this.href);return false; (Java Plug-in 1.6.0_30)
O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab” onclick=”window.open(this.href);return false; (Java Plug-in 1.6.0_30)
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{3AA4AC40-DE5B-46A7-88FD-F8AF6C06778D}: DhcpNameServer = 192.1.1.13 192.1.1.28
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{424CAE7A-7FF0-4B70-AB48-BCB9F861625E}: NameServer = 196.203.80.4 196.203.82.4
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{7CD145E9-81AC-4AB6-87AF-8A3CBD8285B1}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{8AFC0B4A-8564-41F5-901F-9DD8D667FAAC}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{94886D77-FC1C-4772-AA76-EA2FE0E2A52D}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{F9508140-3B1F-4982-9E10-5A25E921B693}: NameServer = 196.203.80.4 196.203.82.4
O18:64bit: – ProtocolHandlerlivecall – No CLSID value found
O18:64bit: – ProtocolHandlermsdaipp – No CLSID value found
O18:64bit: – ProtocolHandlermsdaippx00000001 – No CLSID value found
O18:64bit: – ProtocolHandlermsdaippoledb – No CLSID value found
O18:64bit: – ProtocolHandlerms-help – No CLSID value found
O18:64bit: – ProtocolHandlermsnim – No CLSID value found
O18:64bit: – ProtocolHandlermso-offdap11 – No CLSID value found
O18:64bit: – ProtocolHandlerskype4com – No CLSID value found
O18:64bit: – ProtocolHandlerwlmailhtml – No CLSID value found
O18:64bit: – ProtocolHandlerwlpg – No CLSID value found
O18 – ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} – C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
O20:64bit: – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsexplorer.exe (Microsoft Corporation)
O20:64bit: – HKLM Winlogon: UserInit – (C:windowssystem32userinit.exe) – C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsSysWow64explorer.exe (Microsoft Corporation)
O20 – HKLM Winlogon: UserInit – (userinit.exe) – C:windowsSysWow64userinit.exe (Microsoft Corporation)
O21:64bit: – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
O32 – HKLM CDRom: AutoRun – 0
O32 – AutoRun File – [2013/08/26 22:34:51 | 000,000,000 | RHSD | M] – C:Autorun.inf — [ NTFS ]
O34 – HKLM BootExecute: (autocheck autochk *)
O35:64bit: – HKLM..comfile [open] — “%1” %*
O35:64bit: – HKLM..exefile [open] — “%1” %*
O35 – HKLM..comfile [open] — “%1” %*
O35 – HKLM..exefile [open] — “%1” %*
O37:64bit: – HKLM…com [@ = comfile] — “%1” %*
O37:64bit: – HKLM…exe [@ = exefile] — “%1” %*
O37 – HKLM…com [@ = comfile] — “%1” %*
O37 – HKLM…exe [@ = exefile] — “%1” %*
O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 – SubSystems\Windows: (ServerDll=sxssrv,4)
kazanastra
9 octobre 2013 à 21 h 30 min
Nombre d'articles : 0
#171539
SafeBootMin:64bit: AppMgmt – Service
SafeBootMin:64bit: Base – Driver Group
SafeBootMin:64bit: Boot Bus Extender – Driver Group
SafeBootMin:64bit: Boot file system – Driver Group
SafeBootMin:64bit: File system – Driver Group
SafeBootMin:64bit: Filter – Driver Group
SafeBootMin:64bit: HelpSvc – Service
SafeBootMin:64bit: MCODS – Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration – Driver Group
SafeBootMin:64bit: PNP Filter – Driver Group
SafeBootMin:64bit: Primary disk – Driver Group
SafeBootMin:64bit: sacsvr – Service
SafeBootMin:64bit: SCSI Class – Driver Group
SafeBootMin:64bit: System Bus Extender – Driver Group
SafeBootMin:64bit: vmms – Service
SafeBootMin:64bit: WinDefend – C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
SafeBootMin: AppMgmt – Service
SafeBootMin: Base – Driver Group
SafeBootMin: Boot Bus Extender – Driver Group
SafeBootMin: Boot file system – Driver Group
SafeBootMin: File system – Driver Group
SafeBootMin: Filter – Driver Group
SafeBootMin: HelpSvc – Service
SafeBootMin: MCODS – Reg Error: Value error.
SafeBootMin: PCI Configuration – Driver Group
SafeBootMin: PNP Filter – Driver Group
SafeBootMin: Primary disk – Driver Group
SafeBootMin: sacsvr – Service
SafeBootMin: SCSI Class – Driver Group
SafeBootMin: System Bus Extender – Driver Group
SafeBootMin: vmms – Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
SafeBootNet:64bit: AppMgmt – Service
SafeBootNet:64bit: Base – Driver Group
SafeBootNet:64bit: Boot Bus Extender – Driver Group
SafeBootNet:64bit: Boot file system – Driver Group
SafeBootNet:64bit: File system – Driver Group
SafeBootNet:64bit: Filter – Driver Group
SafeBootNet:64bit: HelpSvc – Service
SafeBootNet:64bit: MCODS – Reg Error: Value error.
SafeBootNet:64bit: Messenger – Service
SafeBootNet:64bit: NDIS Wrapper – Driver Group
SafeBootNet:64bit: NetBIOSGroup – Driver Group
SafeBootNet:64bit: NetDDEGroup – Driver Group
SafeBootNet:64bit: Network – Driver Group
SafeBootNet:64bit: NetworkProvider – Driver Group
SafeBootNet:64bit: PCI Configuration – Driver Group
SafeBootNet:64bit: PNP Filter – Driver Group
SafeBootNet:64bit: PNP_TDI – Driver Group
SafeBootNet:64bit: Primary disk – Driver Group
SafeBootNet:64bit: rdsessmgr – Service
SafeBootNet:64bit: sacsvr – Service
SafeBootNet:64bit: SCSI Class – Driver Group
SafeBootNet:64bit: Streams Drivers – Driver Group
SafeBootNet:64bit: System Bus Extender – Driver Group
SafeBootNet:64bit: TDI – Driver Group
SafeBootNet:64bit: vmms – Service
SafeBootNet:64bit: WinDefend – C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver – Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} – Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} – NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} – NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} – NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} – Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
SafeBootNet: AppMgmt – Service
SafeBootNet: Base – Driver Group
SafeBootNet: Boot Bus Extender – Driver Group
SafeBootNet: Boot file system – Driver Group
SafeBootNet: File system – Driver Group
SafeBootNet: Filter – Driver Group
SafeBootNet: HelpSvc – Service
SafeBootNet: MCODS – Reg Error: Value error.
SafeBootNet: Messenger – Service
SafeBootNet: NDIS Wrapper – Driver Group
SafeBootNet: NetBIOSGroup – Driver Group
SafeBootNet: NetDDEGroup – Driver Group
SafeBootNet: Network – Driver Group
SafeBootNet: NetworkProvider – Driver Group
SafeBootNet: PCI Configuration – Driver Group
SafeBootNet: PNP Filter – Driver Group
SafeBootNet: PNP_TDI – Driver Group
SafeBootNet: Primary disk – Driver Group
SafeBootNet: rdsessmgr – Service
SafeBootNet: sacsvr – Service
SafeBootNet: SCSI Class – Driver Group
SafeBootNet: Streams Drivers – Driver Group
SafeBootNet: System Bus Extender – Driver Group
SafeBootNet: TDI – Driver Group
SafeBootNet: vmms – Service
SafeBootNet: WudfUsbccidDriver – Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} – Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} – NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} – NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} – NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} – Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} – Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} – %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} – C:windowssystem32cmd.exe /D /C start C:windowssystem32ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} – Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} – “%ProgramFiles%Windows MailWinMail.exe” OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} – DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} – Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} – Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} – Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} – Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} – Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} – MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} – Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} – regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} – C:windowsSystem32ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} – C:Windowssystem32Rundll32.exe C:Windowssystem32mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} – Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} – Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} – HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} – Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} – .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} – .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} – %SystemRoot%system32unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} – Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} – Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} – %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} – C:windowssystem32cmd.exe /D /C start C:windowssystem32ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} – Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} – “%ProgramFiles(x86)%Windows MailWinMail.exe” OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} – DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} – Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} – Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} – Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} – Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} – Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} – MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} – Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} – Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} – .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} – regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} –
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} – C:WindowsSysWOW64Rundll32.exe C:WindowsSysWOW64mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} – “C:Program Files (x86)GoogleChromeApplication29.0.1547.66Installerchrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} – Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} – .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} – Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} – Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} – HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} – Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} – .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} – %SystemRoot%system32unregmp2.exe /ShowWMP
Drivers32:64bit: msacm.l3acm – C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm – C:WindowsSysWOW64l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid – C:windowsSysWow64iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc – C:windowsSysWow64vmnc.dll (VMware, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders – Created Within 30 Days ==========
[2013/09/09 14:31:49 | 000,602,112 | —- | C] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
[2013/09/01 16:27:04 | 000,000,000 | —D | C] — C:Sounds
[2013/09/01 12:54:25 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingMalwarebytes
[2013/09/01 12:54:23 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes’ Anti-Malware
[2013/09/01 12:54:22 | 000,025,928 | —- | C] (Malwarebytes Corporation) — C:windowsSysNativedriversmbam.sys
[2013/09/01 12:54:22 | 000,000,000 | —D | C] — C:ProgramDataMalwarebytes
[2013/09/01 12:54:21 | 000,000,000 | —D | C] — C:Program Files (x86)Malwarebytes’ Anti-Malware
[2013/09/01 12:54:11 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalPrograms
[2013/09/01 07:40:26 | 000,000,000 | —D | C] — C:windowsERUNT
[2013/09/01 07:31:14 | 000,000,000 | —D | C] — C:AdwCleaner
[2013/08/31 04:21:33 | 000,000,000 | —D | C] — C:Program Files (x86)ZHPDiag
[2013/08/31 04:21:33 | 000,000,000 | —D | C] — C:ZHP
[2013/08/29 22:02:10 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingRadiocom
[2013/08/29 22:02:05 | 000,000,000 | —D | C] — C:UsersAdministrateurRichMedia
[2013/08/29 22:02:05 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalRadiocom
[2013/08/28 19:51:21 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsKaspersky Anti-Virus 2013
[2013/08/28 19:50:59 | 000,064,856 | —- | C] (Kaspersky Lab) — C:windowsSysNativeklfphc.dll
[2013/08/28 19:50:00 | 000,000,000 | —D | C] — C:windowsELAMBKUP
[2013/08/28 19:49:54 | 000,000,000 | —D | C] — C:ProgramDataKaspersky Lab
[2013/08/28 19:49:54 | 000,000,000 | —D | C] — C:Program Files (x86)Kaspersky Lab
[2013/08/28 19:49:21 | 000,620,128 | —- | C] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklif.sys
[2013/08/28 19:49:21 | 000,090,208 | —- | C] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklflt.sys
[2013/08/28 18:51:18 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsRich Media Player
[2013/08/28 18:50:55 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalRich Media Player
[2013/08/28 03:45:25 | 000,000,000 | —D | C] — C:ProgramDataBDLogging
[2013/08/28 03:45:14 | 000,511,328 | —- | C] (Microsoft Corporation) — C:windowscapicom.dll
[2013/08/28 02:32:01 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingQuickScan
[2013/08/28 02:27:54 | 000,000,000 | —D | C] — C:Program FilesBitdefender
[2013/08/28 02:17:27 | 000,000,000 | —D | C] — C:Program FilesCommon FilesBitdefender
[2013/08/27 01:23:34 | 000,000,000 | –SD | C] — C:windowsSysWow64Microsoft
[2013/08/26 22:34:51 | 000,000,000 | RHSD | C] — C:Autorun.inf
[2013/08/25 20:07:42 | 000,000,000 | —D | C] — C:UsbFix
[2013/08/14 16:46:34 | 000,391,168 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ieui.dll
[2013/08/14 16:46:33 | 000,526,336 | —- | C] (Microsoft Corporation) — C:windowsSysNativeieui.dll
[2013/08/14 16:46:30 | 000,109,056 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iesysprep.dll
[2013/08/14 16:46:30 | 000,089,600 | —- | C] (Microsoft Corporation) — C:windowsSysNativeRegisterIEPKEYs.exe
[2013/08/14 16:46:30 | 000,071,680 | —- | C] (Microsoft Corporation) — C:windowsSysWow64RegisterIEPKEYs.exe
[2013/08/14 16:46:30 | 000,067,072 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiesetup.dll
[2013/08/14 16:46:30 | 000,061,440 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iesetup.dll
[2013/08/14 16:46:30 | 000,051,712 | —- | C] (Microsoft Corporation) — C:windowsSysNativeie4uinit.exe
[2013/08/14 16:46:30 | 000,039,936 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiernonce.dll
[2013/08/14 16:46:30 | 000,033,280 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iernonce.dll
[2013/08/14 16:46:29 | 000,136,704 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiesysprep.dll
[2013/08/14 16:46:24 | 000,855,552 | —- | C] (Microsoft Corporation) — C:windowsSysNativejscript.dll
[2013/08/14 16:46:24 | 000,603,136 | —- | C] (Microsoft Corporation) — C:windowsSysNativemsfeeds.dll
[2013/08/14 16:46:23 | 003,958,784 | —- | C] (Microsoft Corporation) — C:windowsSysNativejscript9.dll
[2013/08/14 16:46:23 | 000,690,688 | —- | C] (Microsoft Corporation) — C:windowsSysWow64jscript.dll
[2013/08/13 21:29:09 | 001,472,512 | —- | C] (Microsoft Corporation) — C:windowsSysNativecrypt32.dll
[2013/08/13 21:29:08 | 000,224,256 | —- | C] (Microsoft Corporation) — C:windowsSysNativewintrust.dll
[2013/08/13 21:29:07 | 000,139,776 | —- | C] (Microsoft Corporation) — C:windowsSysNativecryptnet.dll
[2013/08/13 21:27:41 | 001,888,768 | —- | C] (Microsoft Corporation) — C:windowsSysNativeWMVDECOD.DLL
[2013/08/13 21:27:40 | 001,620,992 | —- | C] (Microsoft Corporation) — C:windowsSysWow64WMVDECOD.DLL
[2013/08/13 21:27:39 | 001,217,024 | —- | C] (Microsoft Corporation) — C:windowsSysNativerpcrt4.dll
[2013/08/13 21:27:34 | 003,913,664 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntoskrnl.exe
[2013/08/13 21:27:32 | 003,968,960 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntkrnlpa.exe
[2013/08/13 21:27:31 | 005,550,528 | —- | C] (Microsoft Corporation) — C:windowsSysNativentoskrnl.exe
[2013/08/13 21:27:31 | 001,732,032 | —- | C] (Microsoft Corporation) — C:windowsSysNativentdll.dll
[2013/08/13 21:27:30 | 000,243,712 | —- | C] (Microsoft Corporation) — C:windowsSysNativewow64.dll
[2013/08/13 21:27:29 | 000,014,336 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntvdm64.dll
[2013/08/13 21:27:28 | 000,025,600 | —- | C] (Microsoft Corporation) — C:windowsSysWow64setup16.exe
[2013/08/13 21:27:28 | 000,005,120 | —- | C] (Microsoft Corporation) — C:windowsSysWow64wow32.dll
[2013/08/13 21:27:27 | 000,007,680 | —- | C] (Microsoft Corporation) — C:windowsSysWow64instnm.exe
[2013/08/13 21:27:27 | 000,002,048 | —- | C] (Microsoft Corporation) — C:windowsSysWow64user.exe
[1 C:windows*.tmp files -> C:windows*.tmp -> ]
========== Files – Modified Within 30 Days ==========
[2013/09/10 23:59:56 | 001,566,088 | —- | M] () — C:windowsSysNativePerfStringBackup.INI
[2013/09/10 23:59:56 | 000,712,096 | —- | M] () — C:windowsSysNativeperfh00C.dat
[2013/09/10 23:59:56 | 000,622,464 | —- | M] () — C:windowsSysNativeperfh009.dat
[2013/09/10 23:59:56 | 000,133,806 | —- | M] () — C:windowsSysNativeperfc00C.dat
[2013/09/10 23:59:56 | 000,109,310 | —- | M] () — C:windowsSysNativeperfc009.dat
[2013/09/10 23:52:00 | 000,001,082 | —- | M] () — C:windowstasksGoogleUpdateTaskMachineUA.job
[2013/09/10 23:14:00 | 000,000,830 | —- | M] () — C:windowstasksAdobe Flash Player Updater.job
[2013/09/10 22:59:02 | 000,000,964 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job
[2013/09/10 22:46:00 | 000,000,924 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
[2013/09/10 21:58:11 | 000,067,584 | –S- | M] () — C:windowsbootstat.dat
[2013/09/10 19:59:01 | 000,000,942 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
[2013/09/10 19:46:00 | 000,000,902 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
[2013/09/09 14:31:56 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
[2013/09/09 14:11:32 | 000,001,078 | —- | M] () — C:windowstasksGoogleUpdateTaskMachineCore.job
[2013/09/09 01:50:14 | 000,038,784 | -H– | M] () — C:windowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 01:50:14 | 000,038,784 | -H– | M] () — C:windowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 01:42:11 | 623,069,829 | —- | M] () — C:windowsMEMORY.DMP
[2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () — C:hiberfil.sys
[2013/09/02 17:55:08 | 000,000,512 | —- | M] () — C:PhysicalDisk0_MBR.bin
[2013/08/30 04:22:17 | 000,178,448 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriverskneps.sys
[2013/08/30 04:22:17 | 000,054,368 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriverskltdi.sys
[2013/08/30 04:22:17 | 000,029,528 | —- | M] (Kaspersky Lab) — C:windowsSysNativedriversklmouflt.sys
[2013/08/30 04:22:16 | 000,620,128 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklif.sys
[2013/08/30 04:22:16 | 000,029,016 | —- | M] (Kaspersky Lab) — C:windowsSysNativedriversklkbdflt.sys
[2013/08/30 04:22:15 | 000,090,208 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklflt.sys
[2013/08/28 18:42:38 | 000,230,495 | —- | M] () — C:ProgramData1377711683.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | —- | M] () — C:ProgramData1377657701.bdinstall.bin
[2013/08/28 03:46:20 | 000,000,385 | —- | M] () — C:windowsSysNativeuser_gensett.xml
[2013/08/28 03:45:37 | 000,000,000 | -H– | M] () — C:windowsSysNativedriversMsft_Kernel_avchv_01009.Wdf
[2013/08/28 03:40:23 | 000,370,476 | —- | M] () — C:ProgramData1377653102.bdinstall.bin
[1 C:windows*.tmp files -> C:windows*.tmp -> ]
========== Files Created – No Company Name ==========
[2013/08/31 04:31:50 | 000,000,512 | —- | C] () — C:PhysicalDisk0_MBR.bin
[2013/08/28 18:42:38 | 000,230,495 | —- | C] () — C:ProgramData1377711683.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | —- | C] () — C:ProgramData1377657701.bdinstall.bin
[2013/08/28 03:46:20 | 000,000,385 | —- | C] () — C:windowsSysNativeuser_gensett.xml
[2013/08/28 03:45:37 | 000,000,000 | -H– | C] () — C:windowsSysNativedriversMsft_Kernel_avchv_01009.Wdf
[2013/08/28 03:40:23 | 000,370,476 | —- | C] () — C:ProgramData1377653102.bdinstall.bin
[2013/07/27 10:22:55 | 000,000,708 | —- | C] () — C:UsersAdministrateurBibliothèques – Raccourci.lnk
[2013/03/20 16:29:00 | 001,590,564 | —- | C] () — C:windowsSysWow64PerfStringBackup.INI
[2013/03/12 18:52:42 | 000,000,382 | —- | C] () — C:windowsODBC.INI
[2013/01/06 22:55:35 | 000,000,293 | —- | C] () — C:windowsgame.ini
[2012/11/30 18:23:17 | 000,000,000 | —- | C] () — C:windowsToDisc.INI
[2012/04/07 17:14:14 | 000,128,312 | —- | C] () — C:windowsSysWow64GFNEX.dll
[2012/04/07 17:12:39 | 000,028,528 | —- | C] () — C:windowsrlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2012/04/07 17:09:55 | 000,451,072 | —- | C] () — C:windowsSysWow64ISSRemoveSP.exe
[2012/04/07 17:03:23 | 000,000,000 | —- | C] () — C:windowsativpsrm.bin
[2012/04/07 17:00:51 | 000,204,960 | —- | C] () — C:windowsSysWow64ativvsvl.dat
[2012/04/07 17:00:51 | 000,157,152 | —- | C] () — C:windowsSysWow64ativvsva.dat
[2012/04/07 17:00:51 | 000,003,917 | —- | C] () — C:windowsSysWow64atipblag.dat
[2012/01/20 12:49:58 | 000,059,904 | —- | C] () — C:windowsSysWow64OpenVideo.dll
[2012/01/20 12:49:48 | 000,054,784 | —- | C] () — C:windowsSysWow64OVDecode.dll
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () — C:windowsassemblyDesktop.ini
[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64
[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]
[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
“” = C:WindowsSysNativeshell32.dll — [2013/02/27 06:52:56 | 014,172,672 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment
[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
“” = %SystemRoot%system32shell32.dll — [2013/02/27 05:55:05 | 012,872,704 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment
[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64
“” = C:WindowsSysNativewbemfastprox.dll — [2009/07/14 02:40:51 | 000,909,312 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Free
[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
“” = %systemroot%system32wbemfastprox.dll — [2010/11/21 04:24:25 | 000,606,208 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Free
[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64
“” = C:WindowsSysNativewbemwbemess.dll — [2009/07/14 02:41:56 | 000,505,856 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Both
[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]
========== LOP Check ==========
[2013/09/10 21:58:36 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingInternetEverywhere
[2013/05/17 12:52:12 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingNotepad++
[2013/05/19 20:13:30 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingPowerISO
[2013/08/28 02:32:01 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingQuickScan
[2013/08/29 22:02:10 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingRadiocom
[2013/07/24 07:37:14 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingTheta
[2013/06/03 14:08:48 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingToshiba
[2013/07/04 04:51:53 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingUnity
[2013/07/20 12:30:21 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingWildTangent
[2013/01/01 15:25:14 | 000,000,000 | —D | M] — C:UsersInvitéAppDataRoamingInternetEverywhere
[2012/12/15 17:40:50 | 000,000,000 | —D | M] — C:UsersInvitéAppDataRoamingToshiba
========== Purity Check ==========
========== Custom Scans ==========

[2011/12/28 04:59:24 | 000,498,688 | —- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 — C:windowsSysNativedriversafd.sys
[2011/12/28 04:59:24 | 000,498,688 | —- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5afd.sys
[2011/12/28 05:01:36 | 000,498,176 | —- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345afd.sys
[2010/11/21 04:24:08 | 000,499,712 | —- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991afd.sys
[2011/04/25 03:34:03 | 000,499,200 | —- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170afd.sys
[2011/04/25 04:09:35 | 000,499,200 | —- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4afd.sys

[2011/02/26 06:19:21 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 — C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652dexplorer.exe
[2011/02/25 07:19:30 | 002,871,808 | —- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 — C:Windowsexplorer.exe
[2011/02/25 07:19:30 | 002,871,808 | —- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 — C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0baexplorer.exe
[2011/02/26 07:14:34 | 002,871,808 | —- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 — C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 — C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafbexplorer.exe
[2011/02/25 06:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E — C:WindowsSysWOW64explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E — C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | —- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 — C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900explorer.exe

[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:windowsSysNativedriversi8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:windowsSysNativeDriverStoreFileRepositorykeyboard.inf_amd64_neutral_0684fdc43059f486i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:windowsSysNativeDriverStoreFileRepositorymsmouse.inf_amd64_neutral_7a5f47d3150cc0ebi8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:Windowswinsxsamd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bfi8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:Windowswinsxsamd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9i8042prt.sys

[2009/07/14 02:39:16 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3flsass.exe
[2012/06/04 08:51:10 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279clsass.exe
[2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 — C:windowsSysNativelsass.exe
[2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20dlsass.exe
[2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5elsass.exe

[2010/11/21 04:23:51 | 000,261,632 | —- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 — C:windowsSysNativedriversnetbt.sys
[2010/11/21 04:23:51 | 000,261,632 | —- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 — C:Windowswinsxsamd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6netbt.sys

[2009/07/14 02:14:41 | 000,020,992 | —- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe
[2011/03/01 09:10:51 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED — C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391svchost.exe
[2011/03/01 09:07:49 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 — C:windowsSysNativesvchost.exe
[2011/03/01 09:07:49 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 — C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937svchost.exe
[2011/03/01 09:07:49 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25bsvchost.exe
[2013/04/04 14:50:32 | 000,218,184 | —- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC — C:Program Files (x86)Malwarebytes’ Anti-MalwareChameleonsvchost.exe
[2009/07/14 02:39:46 | 000,027,136 | —- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D — C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48csvchost.exe
[2011/03/01 09:05:31 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 — C:WindowsSysWOW64svchost.exe
[2011/03/01 09:05:31 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801svchost.exe

[2012/10/03 18:56:54 | 001,914,248 | —- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88tcpip.sys
[2011/09/29 18:41:37 | 001,912,176 | —- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69ctcpip.sys
[2013/05/08 07:14:42 | 001,900,392 | —- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0tcpip.sys
[2010/11/21 04:24:08 | 001,924,480 | —- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37tcpip.sys
[2012/08/22 19:06:13 | 001,901,936 | —- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145tcpip.sys
[2012/03/30 11:26:36 | 001,901,424 | —- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23atcpip.sys
[2011/04/25 06:33:51 | 001,923,968 | —- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316tcpip.sys
[2013/05/08 07:39:01 | 001,910,632 | —- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96btcpip.sys
[2012/03/30 12:35:47 | 001,918,320 | —- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740dtcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | —- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2ftcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | —- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143atcpip.sys
[2011/04/25 07:16:34 | 001,927,552 | —- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357atcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | —- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8tcpip.sys
[2011/03/19 08:45:16 | 001,927,552 | —- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9dtcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | —- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | —- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 — C:windowsSysNativedriverstcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | —- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81btcpip.sys
[2011/03/19 08:39:54 | 001,924,480 | —- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20tcpip.sys
[2012/08/22 19:12:50 | 001,913,200 | —- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668tcpip.sys
[2011/09/29 17:29:28 | 001,923,952 | —- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3ebtcpip.sys

[2010/11/21 04:23:55 | 000,026,624 | —- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 — C:WindowsSysWOW64userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | —- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 — C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | —- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 — C:windowsSysNativeuserinit.exe
[2010/11/21 04:24:28 | 000,030,720 | —- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 — C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824cuserinit.exe

[2010/11/21 04:23:47 | 000,295,808 | —- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 — C:windowsSysNativeDriverStoreFileRepositoryvolume.inf_amd64_neutral_df8bea40ac96ca21volsnap.sys
[2010/11/21 04:23:47 | 000,295,808 | —- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 — C:Windowswinsxsamd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850evolsnap.sys
[2011/02/25 07:28:30 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 — C:Windowswinsxsamd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B — C:windowsSysNativedriversvolsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B — C:windowsSysNativeDriverStoreFileRepositoryvolume.inf_amd64_neutral_e7c4cd5b40e03494volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B — C:Windowswinsxsamd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8volsnap.sys

[2009/07/14 02:39:52 | 000,129,024 | —- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA — C:windowsSysNativewininit.exe
[2009/07/14 02:39:52 | 000,129,024 | —- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA — C:Windowswinsxsamd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | —- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 — C:WindowsSysWOW64wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | —- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 — C:Windowswinsxsx86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13wininit.exe

[2010/11/21 04:24:29 | 000,390,656 | —- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 — C:windowsSysNativewinlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | —- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 — C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | —- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC — C:Program Files (x86)Malwarebytes’ Anti-MalwareChameleonwinlogon.exe

[2013/07/20 12:30:29 | 001,012,600 | —- | M] (WildTangent) — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-toshiba.exe
[2013/07/20 12:30:03 | 001,012,592 | —- | M] (WildTangent) — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-wildgames.exe
[2013/07/20 12:29:51 | 000,000,179 | —- | M] () — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-wildgames.exe_filedata
[2013/07/20 12:30:23 | 000,000,177 | —- | M] () — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-toshiba.exe_filedata

[2013/08/28 03:40:23 | 000,370,476 | —- | M] () — C:ProgramData1377653102.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | —- | M] () — C:ProgramData1377657701.bdinstall.bin
[2013/08/28 18:42:38 | 000,230,495 | —- | M] () — C:ProgramData1377711683.bdinstall.bin
[2013/08/28 02:22:25 | 000,262,144 | —- | M] () — C:ProgramDatantuser.dat
[2013/08/28 02:22:37 | 000,005,120 | -HS- | M] () — C:ProgramDatantuser.dat.LOG1
[2013/08/28 02:22:25 | 000,000,000 | -HS- | M] () — C:ProgramDatantuser.dat.LOG2
[2013/08/28 02:22:26 | 000,065,536 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
[2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms
[2013/08/28 02:22:36 | 000,065,536 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
[2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms

[2013/08/28 18:41:46 | 000,002,691 | —- | M] () — C:bdlog.txt
[2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () — C:bootmgr
[2012/03/15 20:26:49 | 000,008,192 | —- | M] () — C:BOOTSECT.BAK
[2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () — C:hiberfil.sys
[2013/09/09 01:42:11 | 2105,335,807 | -HS- | M] () — C:pagefile.sys
[2013/09/02 17:55:08 | 000,000,512 | —- | M] () — C:PhysicalDisk0_MBR.bin
[2013/08/26 22:33:21 | 000,012,060 | —- | M] () — C:UsbFix [Clean 3] USER-TOSH.txt
[2013/08/26 22:35:03 | 000,002,944 | —- | M] () — C:UsbFix [Listing 1 ] USER-TOSH.txt
[2013/09/05 00:42:38 | 000,004,534 | —- | M] () — C:UsbFix [Listing 2 ] USER-TOSH.txt
[2013/08/25 23:35:12 | 000,010,964 | —- | M] () — C:UsbFix [Scan 1] USER-TOSH.txt
[2013/08/26 22:21:47 | 000,010,191 | —- | M] () — C:UsbFix [Scan 2] USER-TOSH.txt
[2013/08/28 01:36:31 | 000,010,853 | —- | M] () — C:UsbFix [Scan 5] USER-TOSH.txt
[2013/08/30 02:24:24 | 000,009,829 | —- | M] () — C:UsbFix [Scan 6] USER-TOSH.txt

[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () — C:Program Files (x86)desktop.ini

[2012/11/07 09:27:01 | 000,002,446 | —- | M] () — C:Program Files (x86)Internet Explorerdebug.log
[2013/06/23 03:11:56 | 000,024,576 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerExtExport.exe
[2013/06/23 03:11:56 | 000,002,843 | —- | M] () — C:Program Files (x86)Internet Explorerie9props.propdesc
[2013/06/23 03:11:56 | 000,697,344 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Exploreriedvtool.dll
[2013/06/23 03:11:56 | 000,467,456 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerieinstal.exe
[2013/06/23 03:11:56 | 000,222,208 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerielowutil.exe
[2013/07/26 04:11:59 | 000,257,536 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerieproxy.dll
[2013/07/26 04:12:00 | 000,236,032 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerIEShims.dll
[2013/07/26 04:49:06 | 000,770,648 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Exploreriexplore.exe
[2013/06/23 03:11:56 | 000,440,320 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsdbgui.dll
[2013/07/26 04:12:04 | 000,108,032 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsdebuggeride.dll
[2013/06/23 03:11:56 | 000,052,224 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerJSProfilerCore.dll
[2013/06/23 03:11:56 | 000,147,456 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsprofilerui.dll
[2013/06/23 03:11:56 | 000,285,080 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorermsdbg2.dll
[2013/06/23 03:11:56 | 000,294,400 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorernetworkinspection.dll
[2013/06/23 03:11:56 | 000,392,080 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerpdm.dll
[2013/06/23 03:11:56 | 000,070,568 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerpdmproxy100.dll
[2013/07/26 04:13:06 | 000,218,112 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorersqmapi.dll
kazanastra
9 octobre 2013 à 21 h 34 min
Nombre d'articles : 0
#171541

[2013/07/27 10:22:55 | 000,000,708 | —- | M] () — C:UsersAdministrateurBibliothèques – Raccourci.lnk
[2013/09/11 00:08:45 | 003,670,016 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT
[2013/09/11 00:08:45 | 000,262,144 | -HS- | M] () — C:UsersAdministrateurntuser.dat.LOG1
[2013/05/15 21:41:56 | 000,000,000 | -HS- | M] () — C:UsersAdministrateurntuser.dat.LOG2
[2013/05/15 21:59:41 | 000,065,536 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/05/15 21:41:56 | 000,000,020 | -HS- | M] () — C:UsersAdministrateurntuser.ini

[2013/08/27 01:23:47 | 000,262,144 | —- | M] () — C:windowssystem32configsystemprofileNtUser.dat
[2013/08/27 01:23:47 | 000,005,120 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat.LOG1
[2013/08/27 01:23:47 | 000,000,000 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat.LOG2
[2013/08/27 01:23:47 | 000,065,536 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TM.blf
[2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms

[1 C:windows*.tmp files -> C:windows*.tmp -> ]

[2013/06/23 03:02:47 | 000,010,752 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,584 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/23 03:02:47 | 000,002,560 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/23 03:02:47 | 000,005,632 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,072 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,009,728 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/23 03:02:47 | 000,005,632 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/23 03:02:47 | 000,004,096 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,072 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/09 05:46:31 | 001,166,848 | —- | M] (Microsoft Corporation) — C:windowssystem32crypt32.dll
[2013/07/09 05:46:31 | 000,103,936 | —- | M] (Microsoft Corporation) — C:windowssystem32cryptnet.dll
[2013/07/09 05:46:31 | 000,140,288 | —- | M] (Microsoft Corporation) — C:windowssystem32cryptsvc.dll
[2013/06/23 03:02:47 | 003,419,136 | —- | M] (Microsoft Corporation) — C:windowssystem32d2d1.dll
[2013/06/23 03:02:47 | 001,080,832 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10.dll
[2013/06/23 03:02:47 | 000,220,160 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10core.dll
[2013/06/23 03:02:47 | 000,604,160 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10level9.dll
[2013/06/23 03:02:47 | 001,988,096 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10warp.dll
[2013/06/23 03:02:47 | 000,161,792 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10_1.dll
[2013/06/23 03:02:47 | 000,249,856 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10_1core.dll
[2013/06/23 03:02:47 | 000,293,376 | —- | M] (Microsoft Corporation) — C:windowssystem32dxgi.dll
[2013/06/23 03:11:56 | 000,357,888 | —- | M] (Microsoft Corporation) — C:windowssystem32dxtmsft.dll
[2013/06/23 03:11:56 | 000,226,816 | —- | M] (Microsoft Corporation) — C:windowssystem32dxtrans.dll
[2013/06/23 03:11:56 | 000,185,344 | —- | M] (Microsoft Corporation) — C:windowssystem32elshyph.dll
[2013/06/23 03:11:56 | 000,069,120 | —- | M] (Microsoft Corporation) — C:windowssystem32icardie.dll
[2013/06/23 03:11:56 | 000,110,592 | —- | M] (Microsoft Corporation) — C:windowssystem32IEAdvpack.dll
[2013/06/23 03:11:56 | 000,629,248 | —- | M] (Microsoft Corporation) — C:windowssystem32ieapfltr.dll
[2013/06/23 03:11:56 | 000,242,200 | —- | M] (Microsoft Corporation) — C:windowssystem32iedkcs32.dll
[2013/07/26 04:11:59 | 013,761,024 | —- | M] (Microsoft Corporation) — C:windowssystem32ieframe.dll
[2013/06/23 03:11:56 | 000,117,248 | —- | M] (Microsoft Corporation) — C:windowssystem32iepeers.dll
[2013/07/26 04:11:59 | 000,033,280 | —- | M] (Microsoft Corporation) — C:windowssystem32iernonce.dll
[2013/07/26 04:12:00 | 002,048,512 | —- | M] (Microsoft Corporation) — C:windowssystem32iertutil.dll
[2013/07/26 04:12:00 | 000,061,440 | —- | M] (Microsoft Corporation) — C:windowssystem32iesetup.dll
[2013/07/26 04:12:00 | 000,109,056 | —- | M] (Microsoft Corporation) — C:windowssystem32iesysprep.dll
[2013/07/26 04:12:00 | 000,391,168 | —- | M] (Microsoft Corporation) — C:windowssystem32ieui.dll
[2013/06/23 03:11:56 | 000,038,400 | —- | M] (Microsoft Corporation) — C:windowssystem32imgutil.dll
[2013/06/23 03:11:56 | 000,082,432 | —- | M] (Microsoft Corporation) — C:windowssystem32inseng.dll
[2013/07/26 04:12:04 | 000,690,688 | —- | M] (Microsoft Corporation) — C:windowssystem32jscript.dll
[2013/07/26 04:12:04 | 002,877,440 | —- | M] (Microsoft Corporation) — C:windowssystem32jscript9.dll
[2013/07/26 04:12:05 | 000,039,936 | —- | M] (Microsoft Corporation) — C:windowssystem32jsproxy.dll
[2013/06/23 03:11:56 | 000,023,040 | —- | M] (Microsoft Corporation) — C:windowssystem32licmgr10.dll
[2013/07/26 04:12:22 | 000,493,056 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeeds.dll
[2013/06/23 03:11:56 | 000,041,984 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeedsbs.dll
[2013/07/26 04:12:23 | 014,329,344 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtml.dll
[2013/06/23 03:11:56 | 000,079,872 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmled.dll
[2013/06/23 03:11:56 | 000,048,640 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmler.dll
[2013/06/23 03:11:56 | 000,719,360 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmlmedia.dll
[2013/06/23 03:11:56 | 000,158,720 | —- | M] (Microsoft Corporation) — C:windowssystem32msls31.dll
[2013/06/23 03:02:47 | 002,284,544 | —- | M] (Microsoft Corporation) — C:windowssystem32msmpeg2vdec.dll
[2013/06/23 03:11:56 | 000,163,840 | —- | M] (Microsoft Corporation) — C:windowssystem32msrating.dll
[2013/07/09 05:53:47 | 001,292,192 | —- | M] (Microsoft Corporation) — C:windowssystem32ntdll.dll
[2013/07/09 03:49:39 | 000,014,336 | —- | M] (Microsoft Corporation) — C:windowssystem32ntvdm64.dll
[2013/06/23 03:11:56 | 000,125,440 | —- | M] (Microsoft Corporation) — C:windowssystem32occache.dll
[2013/06/23 03:11:56 | 000,057,344 | —- | M] (Microsoft Corporation) — C:windowssystem32pngfilt.dll
[2013/07/09 05:52:33 | 000,663,552 | —- | M] (Microsoft Corporation) — C:windowssystem32rpcrt4.dll
[2013/07/19 02:41:01 | 000,002,048 | —- | M] (Microsoft Corporation) — C:windowssystem32tzres.dll
[2013/06/23 03:02:46 | 000,187,392 | —- | M] (Microsoft Corporation) — C:windowssystem32UIAnimation.dll
[2013/06/23 03:11:56 | 000,232,960 | —- | M] (Microsoft Corporation) — C:windowssystem32url.dll
[2013/07/26 04:13:14 | 001,141,248 | —- | M] (Microsoft Corporation) — C:windowssystem32urlmon.dll
[2013/06/23 03:11:56 | 000,523,264 | —- | M] (Microsoft Corporation) — C:windowssystem32vbscript.dll
[2013/06/23 03:11:56 | 000,204,800 | —- | M] (Microsoft Corporation) — C:windowssystem32webcheck.dll
[2013/06/23 03:02:47 | 000,207,872 | —- | M] (Microsoft Corporation) — C:windowssystem32WindowsCodecsExt.dll
[2013/07/26 04:13:24 | 001,767,936 | —- | M] (Microsoft Corporation) — C:windowssystem32wininet.dll
[2013/07/09 05:52:10 | 000,175,104 | —- | M] (Microsoft Corporation) — C:windowssystem32wintrust.dll
[2013/06/23 03:02:47 | 000,417,792 | —- | M] (Microsoft Corporation) — C:windowssystem32WMPhoto.dll
[2013/07/25 09:57:27 | 001,620,992 | —- | M] (Microsoft Corporation) — C:windowssystem32WMVDECOD.DLL
[2013/07/09 05:52:33 | 000,005,120 | —- | M] (Microsoft Corporation) — C:windowssystem32wow32.dll
[2013/06/23 03:02:47 | 000,364,544 | —- | M] (Microsoft Corporation) — C:windowssystem32XpsGdiConverter.dll
[2013/06/23 03:02:47 | 001,158,144 | —- | M] (Microsoft Corporation) — C:windowssystem32XpsPrint.dll

[2013/06/13 01:17:56 | 000,692,104 | —- | M] (Adobe Systems Incorporated) — C:windowssystem32FlashPlayerApp.exe
[2013/06/23 03:11:56 | 000,137,216 | —- | M] (Microsoft Corporation) — C:windowssystem32ieUnatt.exe
[2013/06/23 03:11:56 | 000,150,528 | —- | M] (Microsoft Corporation) — C:windowssystem32iexpress.exe
[2013/07/09 03:49:41 | 000,007,680 | —- | M] (Microsoft Corporation) — C:windowssystem32instnm.exe
[2013/06/23 03:11:56 | 000,011,776 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeedssync.exe
[2013/06/23 03:11:56 | 000,012,800 | —- | M] (Microsoft Corporation) — C:windowssystem32mshta.exe
[2013/07/09 06:03:34 | 003,968,960 | —- | M] (Microsoft Corporation) — C:windowssystem32ntkrnlpa.exe
[2013/07/09 06:03:34 | 003,913,664 | —- | M] (Microsoft Corporation) — C:windowssystem32ntoskrnl.exe
[2013/07/26 02:59:38 | 000,071,680 | —- | M] (Microsoft Corporation) — C:windowssystem32RegisterIEPKEYs.exe
[2013/06/23 03:11:56 | 000,073,728 | —- | M] (Microsoft Corporation) — C:windowssystem32SetIEInstalledDate.exe
[2013/07/09 03:49:42 | 000,025,600 | —- | M] (Microsoft Corporation) — C:windowssystem32setup16.exe
[2013/07/09 03:49:38 | 000,002,048 | —- | M] (Microsoft Corporation) — C:windowssystem32user.exe
[2013/06/23 03:11:56 | 000,138,752 | —- | M] (Microsoft Corporation) — C:windowssystem32wextract.exe

[2010/11/21 04:25:07 | 000,238,080 | —- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 — C:windowsassemblyGAC_32BDATunePIA6.1.0.0__31bf3856ad364e35BDATunePIA.dll
[2010/11/21 04:24:01 | 000,069,120 | —- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 — C:windowsassemblyGAC_32CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll
[2009/07/14 02:22:13 | 000,139,264 | —- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 — C:windowsassemblyGAC_32ehexthost326.1.0.0__31bf3856ad364e35ehexthost32.exe
[2009/07/13 22:04:37 | 000,002,274 | —- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 — C:windowsassemblyGAC_32ehexthost326.1.0.0__31bf3856ad364e35ehexthost32.exe.config
[2010/11/21 04:24:26 | 000,072,192 | —- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 — C:windowsassemblyGAC_32ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll
[2010/11/21 04:25:07 | 000,134,656 | —- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE — C:windowsassemblyGAC_32mcstoredb6.1.0.0__31bf3856ad364e35mcstoredb.dll
[2009/07/14 02:24:14 | 000,507,904 | —- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C — C:windowsassemblyGAC_32Microsoft.Ink6.1.0.0__31bf3856ad364e35Microsoft.Ink.dll
[2009/07/14 02:24:28 | 000,077,824 | —- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 — C:windowsassemblyGAC_32Microsoft.Interop.Security.AzRoles2.0.0.0__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.dll
[2012/12/14 09:10:13 | 000,117,160 | —- | M] () MD5=569124F95660007F8C470D00A96CBD7D — C:windowsassemblyGAC_32Microsoft.Office.InfoPath.Client.Internal.Host.Interop12.0.0.0__71e9bce111e9429cMicrosoft.Office.Infopath.Client.Internal.Host.Interop.dll
[2010/11/21 04:25:11 | 000,163,840 | —- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 — C:windowsassemblyGAC_32Microsoft.Transactions.Bridge.Dtc3.0.0.0__b03f5f7f11d50a3aMicrosoft.Transactions.Bridge.Dtc.dll
[2012/11/10 08:29:16 | 000,367,400 | —- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 — C:windowsassemblyGAC_32Microsoft.VisualStudio.Tools.Applications.InteropAdapter8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009/07/14 02:26:31 | 000,008,192 | —- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 — C:windowsassemblyGAC_32Microsoft.Windows.Diagnosis.SDEngine6.1.0.0__31bf3856ad364e35Microsoft.Windows.Diagnosis.SDEngine.dll
[2009/06/10 22:14:52 | 000,087,888 | —- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B — C:windowsassemblyGAC_32MSBuild3.5.0.0__b03f5f7f11d50a3aMSBuild.exe
[2009/06/10 22:14:53 | 000,001,581 | —- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 — C:windowsassemblyGAC_32MSBuild3.5.0.0__b03f5f7f11d50a3amsbuild.exe.config
[2012/11/10 08:29:07 | 001,662,976 | —- | M] () MD5=2148068617A9D2B5E08520CAD7014E64 — C:windowsassemblyGAC_32mscorcfg2.0.0.0__b03f5f7f11d50a3amscorcfg.dll
[2009/06/10 22:22:47 | 000,066,728 | —- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089big5.nlp
[2009/06/10 22:22:47 | 000,082,172 | —- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089bopomofo.nlp
[2009/06/10 22:22:58 | 000,116,756 | —- | M] () MD5=F6DFDA5A31162D848634504565F6D321 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089ksc.nlp
[2013/04/23 23:57:26 | 004,554,752 | —- | M] () MD5=F90B255442B7DF136ABE99D15036ACAB — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll
[2009/06/10 22:23:13 | 000,059,342 | —- | M] () MD5=DA5748A89E22A3932387E65694B25BBB — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normidna.nlp
[2009/06/10 22:23:13 | 000,045,794 | —- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfc.nlp
[2009/06/10 22:23:13 | 000,039,284 | —- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfd.nlp
[2009/06/10 22:23:13 | 000,066,384 | —- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfkc.nlp
[2009/06/10 22:23:13 | 000,060,294 | —- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfkd.nlp
[2009/06/10 22:23:14 | 000,083,748 | —- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089prc.nlp
[2009/06/10 22:23:14 | 000,083,748 | —- | M] () MD5=901863C68E6523336CAC602FE9320ABC — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089prcp.nlp
[2009/06/10 22:23:17 | 000,262,148 | —- | M] () MD5=FB59D247F7143C3B9683A547E808A88B — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
[2009/06/10 22:23:17 | 000,020,320 | —- | M] () MD5=FF13BA175F0013D2311827E0D438C60B — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
[2009/06/10 22:23:23 | 000,028,288 | —- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089xjis.nlp
[2010/11/21 04:24:32 | 000,046,080 | —- | M] () MD5=93C4029DABC19166076BE347283AB969 — C:windowsassemblyGAC_32napcrypt6.1.0.0__31bf3856ad364e35NAPCRYPT.DLL
[2010/11/21 04:23:48 | 000,107,008 | —- | M] () MD5=E9CFC1884D1E579E82073103827FA62B — C:windowsassemblyGAC_32naphlpr6.1.0.0__31bf3856ad364e35NAPHLPR.DLL
[2009/07/13 23:04:07 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.0.Microsoft.Ink.config
[2009/07/14 02:25:25 | 000,005,632 | —- | M] () MD5=608232474C33C71F863B0866E5165C1C — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.0.Microsoft.Ink.dll
[2009/06/10 22:32:22 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:26:15 | 000,005,632 | —- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 22:32:22 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_32Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:23:30 | 000,005,632 | —- | M] () MD5=D6C077082EAA747911C212A9EB64A813 — C:windowsassemblyGAC_32Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 23:04:07 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_32Policy.1.7.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.7.Microsoft.Ink.config
[2009/07/14 02:22:54 | 000,005,632 | —- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 — C:windowsassemblyGAC_32Policy.1.7.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.7.Microsoft.Ink.dll
[2009/07/13 23:04:08 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_32Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.config
[2009/07/14 02:23:04 | 000,005,632 | —- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC — C:windowsassemblyGAC_32Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.dll
[2013/04/15 23:56:15 | 004,218,880 | —- | M] () MD5=8DFB5078508924FA725C203CE179B10C — C:windowsassemblyGAC_32PresentationCore3.0.0.0__31bf3856ad364e35PresentationCore.dll
[2009/06/10 22:14:51 | 000,000,161 | —- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 — C:windowsassemblyGAC_32PresentationCore3.0.0.0__31bf3856ad364e35PresentationFontCache.exe.config
[2013/04/19 23:55:09 | 001,737,376 | —- | M] () MD5=E0E5BB58A4C43F7DBB83352785F32DEF — C:windowsassemblyGAC_32PresentationCore3.0.0.0__31bf3856ad364e35wpfgfx_v0300.dll
[2010/11/21 04:24:15 | 000,486,400 | —- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 — C:windowsassemblyGAC_32System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll
[2010/11/21 04:24:08 | 002,927,616 | —- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 — C:windowsassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll
[2010/11/21 04:24:07 | 000,258,048 | —- | M] () MD5=6DB969DF540BC71722848940D180AC08 — C:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll
[2010/11/21 04:24:07 | 000,113,664 | —- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 — C:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Wrapper.dll
[2013/04/15 23:56:16 | 000,372,736 | —- | M] () MD5=962108F1B42E442AF55588CC14F4794F — C:windowsassemblyGAC_32System.Printing3.0.0.0__31bf3856ad364e35System.Printing.dll
[2009/06/10 22:23:19 | 000,261,632 | —- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 — C:windowsassemblyGAC_32System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll
[2013/04/19 23:55:06 | 005,283,840 | —- | M] () MD5=2D9D6335997928AE65B3DE25609CD9F0 — C:windowsassemblyGAC_32System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll

[2010/11/21 04:24:42 | 000,249,344 | —- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C — C:windowsassemblyGAC_64BDATunePIA6.1.0.0__31bf3856ad364e35BDATunePIA.dll
[2010/11/21 04:23:56 | 000,080,896 | —- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 — C:windowsassemblyGAC_64CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll
[2010/11/21 04:24:22 | 000,089,600 | —- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 — C:windowsassemblyGAC_64ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll
[2010/11/21 04:24:42 | 000,139,264 | —- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 — C:windowsassemblyGAC_64mcstoredb6.1.0.0__31bf3856ad364e35mcstoredb.dll
[2010/11/21 04:24:42 | 000,198,656 | —- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 — C:windowsassemblyGAC_64mcupdate6.1.0.0__31bf3856ad364e35mcupdate.exe
[2010/11/21 04:24:42 | 000,133,120 | —- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 — C:windowsassemblyGAC_64Mcx2Dvcs6.1.0.0__31bf3856ad364e35Mcx2Dvcs.dll
[2009/07/14 02:51:37 | 000,507,904 | —- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A — C:windowsassemblyGAC_64Microsoft.Ink6.1.0.0__31bf3856ad364e35Microsoft.Ink.dll
[2009/07/14 02:51:13 | 000,077,824 | —- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 — C:windowsassemblyGAC_64Microsoft.Interop.Security.AzRoles2.0.0.0__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.dll
[2011/08/17 06:28:23 | 000,315,392 | —- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 — C:windowsassemblyGAC_64Microsoft.MediaCenter.Interop6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.Interop.dll
[2010/11/21 04:24:42 | 000,147,968 | —- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 — C:windowsassemblyGAC_64Microsoft.MediaCenter.iTV.Media6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.iTV.Media.dll
[2010/11/21 04:24:42 | 000,056,320 | —- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 — C:windowsassemblyGAC_64Microsoft.MediaCenter.Mheg6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.Mheg.dll
[2010/11/21 04:24:42 | 000,114,688 | —- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 — C:windowsassemblyGAC_64Microsoft.MediaCenter.Playback6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.Playback.dll
[2010/11/21 04:24:42 | 000,327,168 | —- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 — C:windowsassemblyGAC_64Microsoft.MediaCenter.TV.Tuners.Interop6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.TV.Tuners.Interop.dll
[2010/11/21 04:24:53 | 000,163,840 | —- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E — C:windowsassemblyGAC_64Microsoft.Transactions.Bridge.Dtc3.0.0.0__b03f5f7f11d50a3aMicrosoft.Transactions.Bridge.Dtc.dll
[2012/11/10 08:29:15 | 000,454,440 | —- | M] () MD5=78D01EA9CE232F25ACE9024E12950853 — C:windowsassemblyGAC_64Microsoft.VisualStudio.Tools.Applications.InteropAdapter8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009/07/14 02:49:27 | 000,008,192 | —- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA — C:windowsassemblyGAC_64Microsoft.Windows.Diagnosis.SDEngine6.1.0.0__31bf3856ad364e35Microsoft.Windows.Diagnosis.SDEngine.dll
[2010/11/21 04:24:49 | 000,019,968 | —- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 — C:windowsassemblyGAC_64Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop6.1.0.0__31bf3856ad364e35Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
[2010/11/21 04:24:59 | 000,083,792 | —- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D — C:windowsassemblyGAC_64MSBuild3.5.0.0__b03f5f7f11d50a3aMSBuild.exe
[2009/06/10 21:31:02 | 000,001,581 | —- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 — C:windowsassemblyGAC_64MSBuild3.5.0.0__b03f5f7f11d50a3amsbuild.exe.config
[2009/06/10 21:39:44 | 000,066,728 | —- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089big5.nlp
[2009/06/10 21:39:44 | 000,082,172 | —- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089bopomofo.nlp
[2009/06/10 21:39:54 | 000,116,756 | —- | M] () MD5=F6DFDA5A31162D848634504565F6D321 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089ksc.nlp
[2013/04/23 23:56:10 | 004,567,040 | —- | M] () MD5=32B844F1DAA7912FBBB119047303E73F — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll
[2009/06/10 21:40:01 | 000,059,342 | —- | M] () MD5=DA5748A89E22A3932387E65694B25BBB — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normidna.nlp
[2009/06/10 21:40:01 | 000,045,794 | —- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfc.nlp
[2009/06/10 21:40:01 | 000,039,284 | —- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfd.nlp
[2009/06/10 21:40:01 | 000,066,384 | —- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfkc.nlp
[2009/06/10 21:40:01 | 000,060,294 | —- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfkd.nlp
[2009/06/10 21:40:01 | 000,083,748 | —- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089prc.nlp
[2009/06/10 21:40:01 | 000,083,748 | —- | M] () MD5=901863C68E6523336CAC602FE9320ABC — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089prcp.nlp
[2009/06/10 21:40:02 | 000,262,148 | —- | M] () MD5=FB59D247F7143C3B9683A547E808A88B — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
[2009/06/10 21:40:02 | 000,020,320 | —- | M] () MD5=FF13BA175F0013D2311827E0D438C60B — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
[2009/06/10 21:40:10 | 000,028,288 | —- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089xjis.nlp
[2010/11/21 04:24:16 | 000,050,176 | —- | M] () MD5=E0773633E4193B183FB396192581BD86 — C:windowsassemblyGAC_64napcrypt6.1.0.0__31bf3856ad364e35NAPCRYPT.DLL
[2010/11/21 04:24:24 | 000,133,632 | —- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B — C:windowsassemblyGAC_64naphlpr6.1.0.0__31bf3856ad364e35NAPHLPR.DLL
[2009/06/10 21:51:13 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_64Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:52:10 | 000,005,120 | —- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 — C:windowsassemblyGAC_64Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 21:51:13 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_64Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:50:32 | 000,005,120 | —- | M] () MD5=265830B968EC5512E923C5482A5F5EEB — C:windowsassemblyGAC_64Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 22:54:48 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_64Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.config
[2009/07/14 02:50:49 | 000,005,120 | —- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 — C:windowsassemblyGAC_64Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.dll
[2013/04/15 23:55:18 | 003,998,208 | —- | M] () MD5=AE098D9D3BD83440C59A0C3386F4F5DD — C:windowsassemblyGAC_64PresentationCore3.0.0.0__31bf3856ad364e35PresentationCore.dll
[2009/06/10 21:30:59 | 000,000,161 | —- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 — C:windowsassemblyGAC_64PresentationCore3.0.0.0__31bf3856ad364e35PresentationFontCache.exe.config
[2013/04/19 23:54:21 | 002,256,032 | —- | M] () MD5=6E656C325A5519A3A9D951709958CF6F — C:windowsassemblyGAC_64PresentationCore3.0.0.0__31bf3856ad364e35wpfgfx_v0300.dll
[2010/11/21 04:24:09 | 000,502,272 | —- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C — C:windowsassemblyGAC_64System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll
[2010/11/21 04:24:02 | 003,095,552 | —- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B — C:windowsassemblyGAC_64System.Data2.0.0.0__b77a5c561934e089System.Data.dll
[2010/11/21 04:24:01 | 000,245,760 | —- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 — C:windowsassemblyGAC_64System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll
[2010/11/21 04:24:01 | 000,133,120 | —- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 — C:windowsassemblyGAC_64System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Wrapper.dll
[2013/04/15 23:55:19 | 000,358,912 | —- | M] () MD5=D5B9510CA085D4E04BEBD2C47CD50925 — C:windowsassemblyGAC_64System.Printing3.0.0.0__31bf3856ad364e35System.Printing.dll
[2009/06/10 21:40:06 | 000,283,136 | —- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C — C:windowsassemblyGAC_64System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll
[2013/04/19 23:54:20 | 005,292,032 | —- | M] () MD5=EB0E4FD11A19D25ED65ACE37277BFC7B — C:windowsassemblyGAC_64System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll

[2013/05/27 15:14:34 | 000,000,000 | -H– | M] () — C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun-1E-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
[2013/09/01 08:53:59 | 000,118,378 | —- | M] () — C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log

[1 C:windows*.tmp files -> C:windows*.tmp -> ]

“DefaultConnectionSettings” = 46 00 00 00 7D 0B 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC D6 29 E0 A3 68 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 C5 1C 0C 96 00 00 00 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 5E F5 79 FD 3C 55 39 82 3A E3 F3 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
“SavedLegacySettings” = 46 00 00 00 20 07 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC D6 29 E0 A3 68 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 C5 1C 0C 96 00 00 00 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 5E F5 79 FD 3C 55 39 82 3A E3 F3 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
“Connexion r�seau” = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

Invalid Switch:

[2009/07/14 06:08:49 | 000,000,006 | -H– | C] () — C:windowsTasksSA.DAT
[2009/07/14 06:08:49 | 000,032,496 | —- | C] () — C:windowsTasksSCHEDLGU.TXT
[2012/03/14 21:17:22 | 000,000,830 | —- | C] () — C:windowsTasksAdobe Flash Player Updater.job
[2012/03/14 21:22:55 | 000,001,078 | —- | C] () — C:windowsTasksGoogleUpdateTaskMachineCore.job
[2012/03/14 21:22:57 | 000,001,082 | —- | C] () — C:windowsTasksGoogleUpdateTaskMachineUA.job
[2012/11/30 19:41:37 | 000,000,902 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
[2012/11/30 19:41:38 | 000,000,924 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
[2013/06/09 19:54:14 | 000,000,942 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
[2013/06/09 19:54:15 | 000,000,964 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job
Evasion60
Participant
9 octobre 2013 à 21 h 37 min
Nombre d'articles : 1557
#171542
:hello: Bonsoir
*** Une infection doit être réglée le plus rapidement possible, pour éviter sa propagation dans le PC ***
C’est une plaisanterie =>
par kazanastra » 04 Sep 2013 04:48
Pour info, nous sommes le 09/10/2013 !
Edité =>
De plus le script de correction, n’a pas été appliqué :faché15:
SoSVirus n’est pas un Super-Marché !
kazanastra
9 octobre 2013 à 22 h 49 min
Nombre d'articles : 0
#171543
salut , désolé j avais pas de connexion sur mon pc d’apres ce temps la , mon clé orange a été endommagé ,.. bref ;
All processes killed
========== OTL ==========
HKLMSOFTWAREMicrosoftInternet ExplorerMain\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.
Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@adobe.com/FlashPlayer not found.
Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0 not found.
File C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll () => WildTangent Games not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
File C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) => Toolbar.Google not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry value HKEY_USERSS-1-5-19\SoftwareMicrosoftWindowsCurrentVersionRunOnce\mctadmin not found.
Registry value HKEY_USERSS-1-5-20\SoftwareMicrosoftWindowsCurrentVersionRunOnce\mctadmin not found.
Registry key HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExtAdd to Google Photos Screensa&ver not found.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\WebCheck not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\WebCheck not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
Folder C:Program FilesBitdefender not found.
Folder C:Program FilesCommon FilesBitdefender not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
File C:windowssystem32configsystemprofileNtUser.dat.LOG1 => Fichiers de rapport (Log) not found.
File C:windowssystem32configsystemprofileNtUser.dat.LOG2 => Fichiers de rapport (Log) not found.
C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log moved successfully.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 6884286 bytes
->Temporary Internet Files folder emptied: 1266770 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 619168556 bytes
->Flash cache emptied: 492 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: USER
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32 (64bit) .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8657771 bytes
%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2382041669 bytes
Total Files Cleaned = 2 878,00 mb
[EMPTYFLASH]
User: Administrateur
->Flash cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Invité
User: Public
User: USER
Total Flash Files Cleaned = 0,00 mb
Error: Unable to interpret in the current context!
Restore point Set: OTL Restore Point
OTL by OldTimer – Version 3.2.69.0 log created on 10092013_234205
FilesFolders moved on Reboot…
C:UsersAdministrateurAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.
C:UsersAdministrateurAppDataLocalMicrosoftWindowsTemporary Internet Filescounters.dat moved successfully.
File move failed. C:windowstempvmware-Systèmevmauthd.log scheduled to be moved on reboot.
C:windowstempvmware-Systèmevmware-usbarb-3280.log moved successfully.
File move failed. C:windowstempTmpFile1 scheduled to be moved on reboot.
PendingFileRenameOperations files…
Registry entries deleted on Reboot…
Evasion60
Participant
10 octobre 2013 à 8 h 08 min
Nombre d'articles : 1557
#171544
:hello: Salut
Tu as tjrs des coupures et écrans bleu avec cette machine ?
Merci de ta réponse
Téléchargez UsbFix et enregistrez-le sur votre bureau
Lien page de téléchargement: https://www.sosvirus.net/telecharger/usbfix/” onclick=”window.open(this.href);return false;
Une fois téléchargé sur votre bureau, double-cliquez sur son icone

Puis cliquez sur Exécuter pour lancer l’installation qui se fera automatiquement

Recherche des infections
Clique sur le bouton ” Recherche “
Laisse travailler l’outil
À la fin du scan, un rapport va s’afficher, poste-le dans ta prochaine réponse sur le forum
Le rapport est aussi sauvegardé à la racine du disque système => C:UsbFix [Scan X].txt
Tutoriel en images => https://www.sosvirus.net/viewtopic.php?f=204&t=3” onclick=”window.open(this.href);return false;
Suppression des infections
/! Si blocage, désactiver temporairement l’antivirus
ou
Redémarre en mode sans échec avec prise en charge du réseau
Clique sur le bouton ” Suppression “

Veuillez faire un copié/collé de ce rapport sur le forum où vous demandez de l’aide
Rappel => Ctrl A pour sélectionner tout, Ctrl C pour copier puis Ctrl V pour coller le rapport sur le forum
Le rapport est aussi sauvegardé à la racine du disque système => C:UsbFix [Clean X].txt
🙁
kazanastra
10 octobre 2013 à 14 h 51 min
Nombre d'articles : 0
#171545
merci 🙂 , non l’ écran bleu je pense qu il n’apparais plus voila les deux rapports :
############################## | UsbFix V 7.144 | [Recherche]
Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 12:57:26 | 10/10/2013
Site Web: http://www.usbfix.net/” onclick=”window.open(this.href);return false;
Forum : https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/” onclick=”window.open(this.href);return false;
PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6104 | Free : 4421]
Bios: Insyde Corp.
Boot: Normal boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C: (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) – 66%) [] # NTFS
D: -> CD-ROM
################## | Processus Actif |
C:windowssystem32csrss.exe (ID 808 |ParentID 688)
C:windowssystem32wininit.exe (ID 900 |ParentID 688)
C:windowssystem32csrss.exe (ID 932 |ParentID 908)
C:windowssystem32services.exe (ID 972 |ParentID 900)
C:windowssystem32lsass.exe (ID 1008 |ParentID 900)
C:windowssystem32lsm.exe (ID 1016 |ParentID 900)
C:windowssystem32svchost.exe (ID 692 |ParentID 972)
C:windowssystem32svchost.exe (ID 1072 |ParentID 972)
C:windowssystem32atiesrxx.exe (ID 1136 |ParentID 972)
C:windowssystem32winlogon.exe (ID 1176 |ParentID 908)
C:windowsSystem32svchost.exe (ID 1216 |ParentID 972)
C:windowsSystem32svchost.exe (ID 1260 |ParentID 972)
C:windowssystem32svchost.exe (ID 1292 |ParentID 972)
C:windowssystem32svchost.exe (ID 1324 |ParentID 972)
C:windowssystem32svchost.exe (ID 1620 |ParentID 972)
C:windowssystem32atieclxx.exe (ID 1668 |ParentID 1136)
C:windowssystem32svchost.exe (ID 2012 |ParentID 972)
C:WindowsSystem32GFNEXSrv.exe (ID 2040 |ParentID 972)
C:windowsSystem32spoolsv.exe (ID 1652 |ParentID 972)
C:windowssystem32taskeng.exe (ID 804 |ParentID 1324)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID 2172 |ParentID 972)
C:windowssystem32hasplms.exe (ID 2312 |ParentID 972)
C:ProgramDataDatacardServiceHWDeviceService64.exe (ID 2364 |ParentID 972)
C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe (ID 2460 |ParentID 972)
C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe (ID 2480 |ParentID 972)
C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe (ID 2556 |ParentID 972)
C:Program Files (x86)Common FilesMicrosoft SharedVS7DEBUGmdm.exe (ID 2600 |ParentID 972)
C:windowssystem32svchost.exe (ID 2776 |ParentID 972)
C:windowssystem32taskhost.exe (ID 2856 |ParentID 972)
C:windowssystem32Dwm.exe (ID 2936 |ParentID 1260)
C:Program Files (x86)Toshiba TEMPROTemproSvc.exe (ID 2944 |ParentID 972)
C:windowsExplorer.EXE (ID 2124 |ParentID 2916)
C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe (ID 1516 |ParentID 2556)
C:ProgramDataDatacardServiceDCSHelper.exe (ID 2160 |ParentID 2364)
C:windowssystem32TODDSrv.exe (ID 1776 |ParentID 972)
C:Program FilesTOSHIBAPower SaverTosCoSrv.exe (ID 1592 |ParentID 972)
C:windowsSysWOW64vmnat.exe (ID 2684 |ParentID 972)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 3112 |ParentID 972)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 3184 |ParentID 3112)
C:Program FilesTOSHIBATECOTecoService.exe (ID 3208 |ParentID 972)
C:Program Files (x86)VMwareVMware Playervmware-authd.exe (ID 3328 |ParentID 972)
C:windowsSysWOW64vmnetdhcp.exe (ID 3384 |ParentID 972)
C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe (ID 3404 |ParentID 972)
C:windowssystem32wbemwmiprvse.exe (ID 3484 |ParentID 692)
C:windowssystem32wbemunsecapp.exe (ID 3524 |ParentID 692)
C:windowssystem32svchost.exe (ID 3936 |ParentID 972)
C:windowsservicingTrustedInstaller.exe (ID 4004 |ParentID 972)
C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 3304 |ParentID 2124)
C:Program FilesSRS LabsSRS Control PanelSRSPanel_64.exe (ID 3772 |ParentID 2124)
C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 2188 |ParentID 2124)
C:Program FilesTOSHIBAPower SaverTPwrMain.exe (ID 2148 |ParentID 2124)
C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID 4108 |ParentID 2124)
C:Program FilesTOSHIBATECOTeco.exe (ID 4148 |ParentID 2124)
C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe (ID 4288 |ParentID 2124)
C:Program Files (x86)Toshiba TEMPROTemproTray.exe (ID 4344 |ParentID 2124)
C:Program Files (x86)TOSHIBATOSHIBA Online Product InformationTOPI.exe (ID 4452 |ParentID 2124)
C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID 4472 |ParentID 2124)
C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe (ID 4528 |ParentID 2124)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtMng.exe (ID 4572 |ParentID 2124)
C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe (ID 4664 |ParentID 2124)
C:Program FilesTOSHIBATOSHIBA Places Icon UtilityTosDIMonitor.exe (ID 4724 |ParentID 2124)
C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe (ID 4820 |ParentID 4780)
C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe (ID 4832 |ParentID 4780)
C:windowssystem32wbemwmiprvse.exe (ID 4972 |ParentID 692)
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID 5096 |ParentID 4544)
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2164 |ParentID 4064)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtSrv.exe (ID 4828 |ParentID 972)
C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID 5020 |ParentID 4180)
C:windowssystem32SearchIndexer.exe (ID 4440 |ParentID 972)
C:windowssystem32svchost.exe (ID 4356 |ParentID 972)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeSrvUseMng.exe (ID 5484 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeBtMng.exe (ID 5516 |ParentID 692)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeSrvProvider.exe (ID 5604 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosA2dp.exe (ID 5632 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtHid.exe (ID 5676 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtHsp.exe (ID 5724 |ParentID 4572)
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 5864 |ParentID 2164)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosAVRC.exe (ID 5908 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StacktosOBEX.exe (ID 4896 |ParentID 4572)
C:Program Files (x86)TOSHIBABluetooth Toshiba StacktosBtProc.exe (ID 5396 |ParentID 4896)
C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID 7124 |ParentID 972)
C:UsbFixGo.exe (ID 6336 |ParentID 2920)
C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 6808 |ParentID 972)
C:Program Files (x86)NeroUpdateNASvc.exe (ID 2808 |ParentID 972)
C:windowssystem32sppsvc.exe (ID 6184 |ParentID 972)
C:windowsSystem32svchost.exe (ID 1552 |ParentID 972)
C:Program FilesTOSHIBATPHMTPCHSrv.exe (ID 6768 |ParentID 972)
C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe (ID 5012 |ParentID 972)
C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe (ID 6888 |ParentID 4228)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID 7372 |ParentID 972)
C:Program FilesTOSHIBATPHMTPCHWMsg.exe (ID 7748 |ParentID 4192)
C:windowssystem32svchost.exe (ID 8120 |ParentID 972)
################## | Regedit Run |
HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWARE | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWAREwow6432Node | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [Facebook Update] – “C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-18SOFTWARE | RunOnce : [osk.exe] – osk.exe
HKUS-1-5-18SOFTWARE | RunOnce : [Application Restart #0] – C:WindowsSystem32osk.exe
################## | Éléments infectieux |
################## | Registre |
Présent! HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
################## | Vaccin |
C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net” onclick=”window.open(this.href);return false; – https://www.sosvirus.net” onclick=”window.open(this.href);return false; |
############################## | UsbFix V 7.144 | [Suppression]
Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 15:40:31 | 10/10/2013
Site Web: http://www.usbfix.net/” onclick=”window.open(this.href);return false;
Forum : https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/” onclick=”window.open(this.href);return false;
PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6104 | Free : 4933]
Bios: Insyde Corp.
Boot: Fail-safe with network boot
OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C: (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) – 66%) [] # NTFS
D: -> CD-ROM
################## | Regedit Run |
HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWARE | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWAREwow6432Node | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [Facebook Update] – “C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-18SOFTWARE | RunOnce : [osk.exe] – osk.exe
HKUS-1-5-18SOFTWARE | RunOnce : [Application Restart #0] – C:WindowsSystem32osk.exe
################## | Processus Stoppés |
Stoppé! C:windowssystem32ctfmon.exe (ID 1552 |ParentID 1508)
Stoppé! C:windowssystem32DllHost.exe (ID 1796 |ParentID 812)
################## | Éléments infectieux |
(!) Fichiers temporaires supprimés.
################## | Registre |
Supprimé! HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
################## | Listing |
[19/05/2013 – 00:36:11 | SHD ] C:$Recycle.Bin
[01/09/2013 – 07:32:28 | D ] C:AdwCleaner
[26/08/2013 – 22:34:51 | RASHD ] C:Autorun.inf
[28/08/2013 – 18:41:46 | N | 2691] C:bdlog.txt
[15/03/2012 – 20:26:46 | SHD ] C:Boot
[21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
[15/03/2012 – 20:26:49 | N | 8192] C:BOOTSECT.BAK
[11/01/2013 – 14:17:16 | D ] C:c60592a295c769f4d1820b14e0f0d2
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[19/05/2013 – 15:04:24 | D ] C:EasyPHP
[10/10/2013 – 15:39:51 | ASH | 4800225280] C:hiberfil.sys
[10/11/2012 – 08:25:46 | D ] C:IDE
[07/04/2012 – 16:58:15 | D ] C:Intel
[10/11/2012 – 08:24:40 | RHD ] C:MSOCache
[10/10/2013 – 15:39:51 | ASH | 6400303104] C:pagefile.sys
[02/09/2013 – 17:55:08 | N | 512] C:PhysicalDisk0_MBR.bin
[19/09/2013 – 00:45:40 | D ] C:Program Files
[13/09/2013 – 23:56:10 | D ] C:Program Files (x86)
[01/09/2013 – 12:54:22 | HD ] C:ProgramData
[01/09/2013 – 16:27:10 | D ] C:Sounds
[09/10/2013 – 23:43:26 | SHD ] C:System Volume Information
[16/05/2013 – 09:44:46 | D ] C:temp
[28/06/2012 – 11:12:04 | D ] C:Toshiba
[10/10/2013 – 15:43:48 | D ] C:UsbFix
[26/08/2013 – 22:33:21 | N | 12060] C:UsbFix [Clean 3] USER-TOSH.txt
[10/10/2013 – 12:16:21 | N | 11104] C:UsbFix [Clean 6] USER-TOSH.txt
[10/10/2013 – 13:06:13 | N | 9957] C:UsbFix [Clean 7] USER-TOSH.txt
[10/10/2013 – 15:44:52 | A | 5892] C:UsbFix [Clean 8] USER-TOSH.txt
[26/08/2013 – 22:35:03 | N | 2944] C:UsbFix [Listing 1 ] USER-TOSH.txt
[05/09/2013 – 00:42:38 | N | 4534] C:UsbFix [Listing 2 ] USER-TOSH.txt
[25/08/2013 – 23:35:12 | N | 10964] C:UsbFix [Scan 1] USER-TOSH.txt
[26/08/2013 – 22:21:47 | N | 10191] C:UsbFix [Scan 2] USER-TOSH.txt
[28/08/2013 – 01:36:31 | N | 10853] C:UsbFix [Scan 5] USER-TOSH.txt
[30/08/2013 – 02:24:24 | N | 9829] C:UsbFix [Scan 6] USER-TOSH.txt
[10/10/2013 – 12:15:02 | N | 12783] C:UsbFix [Scan 7] USER-TOSH.txt
[10/10/2013 – 13:05:15 | N | 11427] C:UsbFix [Scan 8] USER-TOSH.txt
[19/05/2013 – 00:37:41 | D ] C:Users
[05/10/2013 – 20:57:29 | D ] C:Windows
[03/09/2013 – 00:51:52 | D ] C:ZHP
[19/09/2013 – 00:45:37 | D ] C:_OTL
################## | Vaccin |
C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net” onclick=”window.open(this.href);return false; – https://www.sosvirus.net” onclick=”window.open(this.href);return false; |
Evasion60
Participant
10 octobre 2013 à 15 h 00 min
Nombre d'articles : 1557
#171546
:hello: Re
Source =>
J’ai placé mon flash disque sur un autre PC. Depuis, quand j’enregistre des fichiers sur disque amovible quelqu’un se transforme en d’autre fichiers nommé par des symboles et de date de création bizarres
Mise à part ton disque dur, je ne vois aucun support externe USB (flash) branché sur ta machine, pendant le passage de l’outil USBFix !
Pourquoi, puisque c’est l’objet de ta demande d’aide ici ?
Merci de me répondre
🙁
kazanastra
12 octobre 2013 à 23 h 05 min
Nombre d'articles : 0
#171537
ree , parce que l’autre membre ma dit que le flash n’est pas infecté et le problème viens du pc , a propos d’ecrant bleu il apparaît encore :/
Evasion60
Participant
12 octobre 2013 à 23 h 35 min
Nombre d'articles : 1557
#171538
:hello: Bonsoir
a propos d’ecrant bleu il apparaît encore
Note le code qu’il envoie, et publie le à la suite
Contrôle du disque dur =>
Vérifier avec fsutil
La commande fsutil permet très simplement de vérifier l’intégrité d’un disque, ce qui permet de savoir si nous devons utiliser la commande CHKDSK afin de corriger le problème
Sous XP => Démarrer // Tous les programmes // Accéssoires —> “Invite de commandes”, clic droit et “Exécuter en tant qu’administrateur”
Sous Vista/Win7 => Dans le menu Windows // Tous les programmes// Accessoires => clic droit sur “Invite de commandes” et “Exécuter en tant qu’administrateur”
Sous Win8 => Barre de charme // Rechercher => Taper « Invite de commandes» l’épingler par un clic droit. En bas à gauche “Exécuter en tant qu’administrateur”
Dans la fenêtre noire qui va s’ouvrir et derrière le curseur clignotant que vous verrez et qui suit la ligne c:windowssystem32>

Tapez en respectant les espaces ou par un copier/coller fsutil dirty query C: et appuyez sur la touche Entrée de votre clavier
Vous demandez à Windows de vérifier l’intégrité de votre partition C: ou se trouve le système d’exploitation. Une analyse va s’exécuter, patientez pendant l’opération
A l’issue de l’analyse le résultat vous sera indiqué dans la fenêtre noire, communiquez moi le
😉
kazanastra
18 octobre 2013 à 16 h 37 min
Nombre d'articles : 0
#171547
re ,le volume c: est integre , merci
Evasion60
Participant
28 septembre 2014 à 15 h 00 min
Nombre d'articles : 1557
#171548
:hello: Bonsoir
/! Je suis désolé, mais depuis le 04/09/2013 premier post, et une réponse tous les dix jours ne me conviens pas !
Pour tes problèmes d’écrans bleu/noir, je te conseille de sauvegarder tes photos, vidéos sur un support optique (CD/DVD)
Ensuite, tu formates et réinstalles ton Windows
Je ferme ton sujet
Bonne continuation 🙁
Auteur
Messages

Le sujet ‘Aider moi a trouver une solution pour désinfecter mon flash’ est fermé à de nouvelles réponses.