Help me find a solution to disinfect my flash drive 2013-09-04T02:48:44+00:00

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening

    /! I'm sorry, but since the first post on 04/09/2013, one reply every ten days does not suit me!

    For your blue/black screen problems, I advise you to back up your photos and videos to optical media (CD/DVD)
    Then format and reinstall your Windows
    I am closing your topic

    Good luck :(

  • kazanastra
    Post count: 0

    re, the C: volume is intact, thanks

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening

    about the blue screen, it still appears

    Note the code it displays, and post it in your reply

    Hard disk check =>

    Check with fsutil

    The fsutil command makes it very easy to check the integrity of a disk, which tells us whether we need to use the CHKDSK command to correct the problem

    On XP => Start // All Programs // Accessories -> “Command Prompt”, right-click and “Run as administrator”
    On Vista/Win7 => In the Windows menu // All Programs // Accessories => right-click “Command Prompt” and “Run as administrator”
    On Win8 => Charms bar // Search => Type “Command Prompt” and pin it with a right-click. At the bottom left, “Run as administrator”

    In the black window that opens, after the blinking cursor that follows the line C:\windows\system32>

    Type, respecting the spaces, or copy/paste fsutil dirty query C: and press the Enter key on your keyboard
    You are asking Windows to check the integrity of your C: partition, where the operating system is located. An analysis will run; wait during the operation
    At the end of the analysis the result will be shown in the black window; send it to me

    ;)

  • kazanastra
    Post count: 0

    ree, because the other member told me that the flash drive is not infected and the problem comes from the PC; about the blue screen, it still appears :/

  • Evasion60
    Participant
    Post count: 1557

    :hello: Re

    Source =>

    I put my flash drive in another PC. Since then, when I save files to the removable disk, some of them turn into other files named with symbols and with strange creation dates

    Apart from your hard disk, I see no external USB device (flash drive) plugged into your machine while the USBFix tool was running!
    Why, since that is the subject of your request for help here?

    Please answer me

    :(

  • kazanastra
    Post count: 0

    thanks :) , no, the blue screen, I think it no longer appears; here are the two reports:
    ############################## | UsbFix V 7.144 | [Recherche]

    Utilisateur: Administrateur (Administrateur) # USER-TOSH
    Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 12:57:26 | 10/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
    CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    RAM -> [Total : 6104 | Free : 4421]
    Bios: Insyde Corp.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16686

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) – 66%) [] # NTFS
    D: -> CD-ROM

    ################## | Processus Actif |

    C:windowssystem32csrss.exe (ID 808 |ParentID 688)
    C:windowssystem32wininit.exe (ID 900 |ParentID 688)
    C:windowssystem32csrss.exe (ID 932 |ParentID 908)
    C:windowssystem32services.exe (ID 972 |ParentID 900)
    C:windowssystem32lsass.exe (ID 1008 |ParentID 900)
    C:windowssystem32lsm.exe (ID 1016 |ParentID 900)
    C:windowssystem32svchost.exe (ID 692 |ParentID 972)
    C:windowssystem32svchost.exe (ID 1072 |ParentID 972)
    C:windowssystem32atiesrxx.exe (ID 1136 |ParentID 972)
    C:windowssystem32winlogon.exe (ID 1176 |ParentID 908)
    C:windowsSystem32svchost.exe (ID 1216 |ParentID 972)
    C:windowsSystem32svchost.exe (ID 1260 |ParentID 972)
    C:windowssystem32svchost.exe (ID 1292 |ParentID 972)
    C:windowssystem32svchost.exe (ID 1324 |ParentID 972)
    C:windowssystem32svchost.exe (ID 1620 |ParentID 972)
    C:windowssystem32atieclxx.exe (ID 1668 |ParentID 1136)
    C:windowssystem32svchost.exe (ID 2012 |ParentID 972)
    C:WindowsSystem32GFNEXSrv.exe (ID 2040 |ParentID 972)
    C:windowsSystem32spoolsv.exe (ID 1652 |ParentID 972)
    C:windowssystem32taskeng.exe (ID 804 |ParentID 1324)
    C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID 2172 |ParentID 972)
    C:windowssystem32hasplms.exe (ID 2312 |ParentID 972)
    C:ProgramDataDatacardServiceHWDeviceService64.exe (ID 2364 |ParentID 972)
    C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe (ID 2460 |ParentID 972)
    C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe (ID 2480 |ParentID 972)
    C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe (ID 2556 |ParentID 972)
    C:Program Files (x86)Common FilesMicrosoft SharedVS7DEBUGmdm.exe (ID 2600 |ParentID 972)
    C:windowssystem32svchost.exe (ID 2776 |ParentID 972)
    C:windowssystem32taskhost.exe (ID 2856 |ParentID 972)
    C:windowssystem32Dwm.exe (ID 2936 |ParentID 1260)
    C:Program Files (x86)Toshiba TEMPROTemproSvc.exe (ID 2944 |ParentID 972)
    C:windowsExplorer.EXE (ID 2124 |ParentID 2916)
    C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe (ID 1516 |ParentID 2556)
    C:ProgramDataDatacardServiceDCSHelper.exe (ID 2160 |ParentID 2364)
    C:windowssystem32TODDSrv.exe (ID 1776 |ParentID 972)
    C:Program FilesTOSHIBAPower SaverTosCoSrv.exe (ID 1592 |ParentID 972)
    C:windowsSysWOW64vmnat.exe (ID 2684 |ParentID 972)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 3112 |ParentID 972)
    C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 3184 |ParentID 3112)
    C:Program FilesTOSHIBATECOTecoService.exe (ID 3208 |ParentID 972)
    C:Program Files (x86)VMwareVMware Playervmware-authd.exe (ID 3328 |ParentID 972)
    C:windowsSysWOW64vmnetdhcp.exe (ID 3384 |ParentID 972)
    C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe (ID 3404 |ParentID 972)
    C:windowssystem32wbemwmiprvse.exe (ID 3484 |ParentID 692)
    C:windowssystem32wbemunsecapp.exe (ID 3524 |ParentID 692)
    C:windowssystem32svchost.exe (ID 3936 |ParentID 972)
    C:windowsservicingTrustedInstaller.exe (ID 4004 |ParentID 972)
    C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 3304 |ParentID 2124)
    C:Program FilesSRS LabsSRS Control PanelSRSPanel_64.exe (ID 3772 |ParentID 2124)
    C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 2188 |ParentID 2124)
    C:Program FilesTOSHIBAPower SaverTPwrMain.exe (ID 2148 |ParentID 2124)
    C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID 4108 |ParentID 2124)
    C:Program FilesTOSHIBATECOTeco.exe (ID 4148 |ParentID 2124)
    C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe (ID 4288 |ParentID 2124)
    C:Program Files (x86)Toshiba TEMPROTemproTray.exe (ID 4344 |ParentID 2124)
    C:Program Files (x86)TOSHIBATOSHIBA Online Product InformationTOPI.exe (ID 4452 |ParentID 2124)
    C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID 4472 |ParentID 2124)
    C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe (ID 4528 |ParentID 2124)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtMng.exe (ID 4572 |ParentID 2124)
    C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe (ID 4664 |ParentID 2124)
    C:Program FilesTOSHIBATOSHIBA Places Icon UtilityTosDIMonitor.exe (ID 4724 |ParentID 2124)
    C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe (ID 4820 |ParentID 4780)
    C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe (ID 4832 |ParentID 4780)
    C:windowssystem32wbemwmiprvse.exe (ID 4972 |ParentID 692)
    C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID 5096 |ParentID 4544)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2164 |ParentID 4064)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtSrv.exe (ID 4828 |ParentID 972)
    C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID 5020 |ParentID 4180)
    C:windowssystem32SearchIndexer.exe (ID 4440 |ParentID 972)
    C:windowssystem32svchost.exe (ID 4356 |ParentID 972)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeSrvUseMng.exe (ID 5484 |ParentID 4572)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeBtMng.exe (ID 5516 |ParentID 692)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeSrvProvider.exe (ID 5604 |ParentID 4572)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosA2dp.exe (ID 5632 |ParentID 4572)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtHid.exe (ID 5676 |ParentID 4572)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtHsp.exe (ID 5724 |ParentID 4572)
    C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 5864 |ParentID 2164)
    C:Program Files (x86)ToshibaBluetooth Toshiba StackTosAVRC.exe (ID 5908 |ParentID 4572)
    C:Program Files (x86)ToshibaBluetooth Toshiba StacktosOBEX.exe (ID 4896 |ParentID 4572)
    C:Program Files (x86)TOSHIBABluetooth Toshiba StacktosBtProc.exe (ID 5396 |ParentID 4896)
    C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID 7124 |ParentID 972)
    C:UsbFixGo.exe (ID 6336 |ParentID 2920)
    C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 6808 |ParentID 972)
    C:Program Files (x86)NeroUpdateNASvc.exe (ID 2808 |ParentID 972)
    C:windowssystem32sppsvc.exe (ID 6184 |ParentID 972)
    C:windowsSystem32svchost.exe (ID 1552 |ParentID 972)
    C:Program FilesTOSHIBATPHMTPCHSrv.exe (ID 6768 |ParentID 972)
    C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe (ID 5012 |ParentID 972)
    C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe (ID 6888 |ParentID 4228)
    C:Program FilesWindows Media Playerwmpnetwk.exe (ID 7372 |ParentID 972)
    C:Program FilesTOSHIBATPHMTPCHWMsg.exe (ID 7748 |ParentID 4192)
    C:windowssystem32svchost.exe (ID 8120 |ParentID 972)

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
    HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
    HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
    HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
    HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [Facebook Update] – “C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
    HKUS-1-5-18SOFTWARE | RunOnce : [osk.exe] – osk.exe
    HKUS-1-5-18SOFTWARE | RunOnce : [Application Restart #0] – C:WindowsSystem32osk.exe

    ################## | Éléments infectieux |

    ################## | Registre |

    Présent! HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
    Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    ############################## | UsbFix V 7.144 | [Suppression]

    Utilisateur: Administrateur (Administrateur) # USER-TOSH
    Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
    Lancé à 15:40:31 | 10/10/2013

    Site Web: http://www.usbfix.net/
    Forum : https://www.sosvirus.net/
    Upload Malware: upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
    CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    RAM -> [Total : 6104 | Free : 4933]
    Bios: Insyde Corp.
    Boot: Fail-safe with network boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16686

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) – 66%) [] # NTFS
    D: -> CD-ROM

    ################## | Regedit Run |

    HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
    HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWARE | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
    HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
    HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
    HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
    HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
    HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
    HKLMSOFTWAREwow6432Node | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
    HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
    HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
    HKLMSOFTWARE | RunOnce : [] –
    HKLMSOFTWAREwow6432Node | RunOnce : [] –
    HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
    HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
    HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
    HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
    HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [Facebook Update] – “C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
    HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
    HKUS-1-5-18SOFTWARE | RunOnce : [osk.exe] – osk.exe
    HKUS-1-5-18SOFTWARE | RunOnce : [Application Restart #0] – C:WindowsSystem32osk.exe

    ################## | Processus Stoppés |

    Stoppé! C:windowssystem32ctfmon.exe (ID 1552 |ParentID 1508)
    Stoppé! C:windowssystem32DllHost.exe (ID 1796 |ParentID 812)

    ################## | Éléments infectieux |

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Supprimé! HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr

    ################## | Listing |

    [19/05/2013 – 00:36:11 | SHD ] C:$Recycle.Bin
    [01/09/2013 – 07:32:28 | D ] C:AdwCleaner
    [26/08/2013 – 22:34:51 | RASHD ] C:Autorun.inf
    [28/08/2013 – 18:41:46 | N | 2691] C:bdlog.txt
    [15/03/2012 – 20:26:46 | SHD ] C:Boot
    [21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
    [15/03/2012 – 20:26:49 | N | 8192] C:BOOTSECT.BAK
    [11/01/2013 – 14:17:16 | D ] C:c60592a295c769f4d1820b14e0f0d2
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [19/05/2013 – 15:04:24 | D ] C:EasyPHP
    [10/10/2013 – 15:39:51 | ASH | 4800225280] C:hiberfil.sys
    [10/11/2012 – 08:25:46 | D ] C:IDE
    [07/04/2012 – 16:58:15 | D ] C:Intel
    [10/11/2012 – 08:24:40 | RHD ] C:MSOCache
    [10/10/2013 – 15:39:51 | ASH | 6400303104] C:pagefile.sys
    [02/09/2013 – 17:55:08 | N | 512] C:PhysicalDisk0_MBR.bin
    [19/09/2013 – 00:45:40 | D ] C:Program Files
    [13/09/2013 – 23:56:10 | D ] C:Program Files (x86)
    [01/09/2013 – 12:54:22 | HD ] C:ProgramData
    [01/09/2013 – 16:27:10 | D ] C:Sounds
    [09/10/2013 – 23:43:26 | SHD ] C:System Volume Information
    [16/05/2013 – 09:44:46 | D ] C:temp
    [28/06/2012 – 11:12:04 | D ] C:Toshiba
    [10/10/2013 – 15:43:48 | D ] C:UsbFix
    [26/08/2013 – 22:33:21 | N | 12060] C:UsbFix [Clean 3] USER-TOSH.txt
    [10/10/2013 – 12:16:21 | N | 11104] C:UsbFix [Clean 6] USER-TOSH.txt
    [10/10/2013 – 13:06:13 | N | 9957] C:UsbFix [Clean 7] USER-TOSH.txt
    [10/10/2013 – 15:44:52 | A | 5892] C:UsbFix [Clean 8] USER-TOSH.txt
    [26/08/2013 – 22:35:03 | N | 2944] C:UsbFix [Listing 1 ] USER-TOSH.txt
    [05/09/2013 – 00:42:38 | N | 4534] C:UsbFix [Listing 2 ] USER-TOSH.txt
    [25/08/2013 – 23:35:12 | N | 10964] C:UsbFix [Scan 1] USER-TOSH.txt
    [26/08/2013 – 22:21:47 | N | 10191] C:UsbFix [Scan 2] USER-TOSH.txt
    [28/08/2013 – 01:36:31 | N | 10853] C:UsbFix [Scan 5] USER-TOSH.txt
    [30/08/2013 – 02:24:24 | N | 9829] C:UsbFix [Scan 6] USER-TOSH.txt
    [10/10/2013 – 12:15:02 | N | 12783] C:UsbFix [Scan 7] USER-TOSH.txt
    [10/10/2013 – 13:05:15 | N | 11427] C:UsbFix [Scan 8] USER-TOSH.txt
    [19/05/2013 – 00:37:41 | D ] C:Users
    [05/10/2013 – 20:57:29 | D ] C:Windows
    [03/09/2013 – 00:51:52 | D ] C:ZHP
    [19/09/2013 – 00:45:37 | D ] C:_OTL

    ################## | Vaccin |

    C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

  • Evasion60
    Participant
    Post count: 1557

    :hello: Hi

    Do you still have shutdowns and blue screens with this machine?
    Thanks for your reply

    Download UsbFix and save it to your desktop
    Download page link: https://www.sosvirus.net/telecharger/usbfix/

    Once downloaded to your desktop, double-click its icon

    Then click Run to start the installation, which will proceed automatically

    Searching for infections
    Click the “Recherche” (Search) button

    Let the tool work
    At the end of the scan, a report will be displayed; post it in your next reply on the forum
    The report is also saved at the root of the system disk => C:\UsbFix [Scan X].txt
    Picture tutorial => https://www.sosvirus.net/viewtopic.php?f=204&t=3

    Removing infections
    /! If blocked, temporarily disable the antivirus
    or
    Restart in safe mode with networking

    Click the “Suppression” (Removal) button

    Please copy/paste this report to the forum where you are asking for help
    Reminder => Ctrl A to select all, Ctrl C to copy, then Ctrl V to paste the report on the forum
    The report is also saved at the root of the system disk => C:\UsbFix [Clean X].txt

    :(

  • kazanastra
    Post count: 0

    hi, sorry, I had no connection on my PC since then, my Orange key was damaged,.. anyway;
    All processes killed
    ========== OTL ==========
    HKLMSOFTWAREMicrosoftInternet ExplorerMain\Secondary Start Pages| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.
    Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@adobe.com/FlashPlayer not found.
    Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0 not found.
    File C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll () => WildTangent Games not found.
    Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
    File C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) => Toolbar.Google not found.
    Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
    Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
    Registry value HKEY_USERSS-1-5-19\SoftwareMicrosoftWindowsCurrentVersionRunOnce\mctadmin not found.
    Registry value HKEY_USERSS-1-5-20\SoftwareMicrosoftWindowsCurrentVersionRunOnce\mctadmin not found.
    Registry key HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExtAdd to Google Photos Screensa&ver not found.
    Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
    Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
    Folder C:Program FilesBitdefender not found.
    Folder C:Program FilesCommon FilesBitdefender not found.
    File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
    File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
    File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
    File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
    File C:windowssystem32configsystemprofileNtUser.dat.LOG1 => Fichiers de rapport (Log) not found.
    File C:windowssystem32configsystemprofileNtUser.dat.LOG2 => Fichiers de rapport (Log) not found.
    C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log moved successfully.
    File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
    File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
    File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
    File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 6884286 bytes
    ->Temporary Internet Files folder emptied: 1266770 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 619168556 bytes
    ->Flash cache emptied: 492 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Invité
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: USER

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%System32 .tmp files removed: 0 bytes
    %systemroot%System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%System32drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8657771 bytes
    %systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 2382041669 bytes

    Total Files Cleaned = 2 878,00 mb

    [EMPTYFLASH]

    User: Administrateur
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Invité

    User: Public

    User: USER

    Total Flash Files Cleaned = 0,00 mb

    Error: Unable to interpret in the current context!
    Restore point Set: OTL Restore Point

    OTL by OldTimer – Version 3.2.69.0 log created on 10092013_234205

    FilesFolders moved on Reboot…
    C:UsersAdministrateurAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.
    C:UsersAdministrateurAppDataLocalMicrosoftWindowsTemporary Internet Filescounters.dat moved successfully.
    File move failed. C:windowstempvmware-Systèmevmauthd.log scheduled to be moved on reboot.
    C:windowstempvmware-Systèmevmware-usbarb-3280.log moved successfully.
    File move failed. C:windowstempTmpFile1 scheduled to be moved on reboot.

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…

  • Evasion60
    Participant
    Post count: 1557

    :hello: Good evening

    *** An infection must be dealt with as quickly as possible, to prevent it spreading through the PC ***

    This is a joke =>
    by kazanastra » 04 Sep 2013 04:48

    For your information, today is 09/10/2013!

    Edited =>
    What's more, the fix script has not been applied :faché15:
    SoSVirus is not a supermarket!

  • kazanastra
    Post count: 0


    [2013/07/27 10:22:55 | 000,000,708 | —- | M] () — C:UsersAdministrateurBibliothèques – Raccourci.lnk
    [2013/09/11 00:08:45 | 003,670,016 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT
    [2013/09/11 00:08:45 | 000,262,144 | -HS- | M] () — C:UsersAdministrateurntuser.dat.LOG1
    [2013/05/15 21:41:56 | 000,000,000 | -HS- | M] () — C:UsersAdministrateurntuser.dat.LOG2
    [2013/05/15 21:59:41 | 000,065,536 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2013/05/15 21:41:56 | 000,000,020 | -HS- | M] () — C:UsersAdministrateurntuser.ini


    [2013/08/27 01:23:47 | 000,262,144 | —- | M] () — C:windowssystem32configsystemprofileNtUser.dat
    [2013/08/27 01:23:47 | 000,005,120 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat.LOG1
    [2013/08/27 01:23:47 | 000,000,000 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat.LOG2
    [2013/08/27 01:23:47 | 000,065,536 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TM.blf
    [2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
    [2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms


    [1 C:windows*.tmp files -> C:windows*.tmp -> ]


    [2013/06/23 03:02:47 | 000,010,752 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/06/23 03:02:47 | 000,003,584 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/06/23 03:02:47 | 000,002,560 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/06/23 03:02:47 | 000,005,632 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/06/23 03:02:47 | 000,003,072 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/06/23 03:02:47 | 000,009,728 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/06/23 03:02:47 | 000,005,632 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/06/23 03:02:47 | 000,004,096 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/06/23 03:02:47 | 000,003,072 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-version-l1-1-0.dll
    [2013/07/09 05:46:31 | 001,166,848 | —- | M] (Microsoft Corporation) — C:windowssystem32crypt32.dll
    [2013/07/09 05:46:31 | 000,103,936 | —- | M] (Microsoft Corporation) — C:windowssystem32cryptnet.dll
    [2013/07/09 05:46:31 | 000,140,288 | —- | M] (Microsoft Corporation) — C:windowssystem32cryptsvc.dll
    [2013/06/23 03:02:47 | 003,419,136 | —- | M] (Microsoft Corporation) — C:windowssystem32d2d1.dll
    [2013/06/23 03:02:47 | 001,080,832 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10.dll
    [2013/06/23 03:02:47 | 000,220,160 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10core.dll
    [2013/06/23 03:02:47 | 000,604,160 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10level9.dll
    [2013/06/23 03:02:47 | 001,988,096 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10warp.dll
    [2013/06/23 03:02:47 | 000,161,792 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10_1.dll
    [2013/06/23 03:02:47 | 000,249,856 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10_1core.dll
    [2013/06/23 03:02:47 | 000,293,376 | —- | M] (Microsoft Corporation) — C:windowssystem32dxgi.dll
    [2013/06/23 03:11:56 | 000,357,888 | —- | M] (Microsoft Corporation) — C:windowssystem32dxtmsft.dll
    [2013/06/23 03:11:56 | 000,226,816 | —- | M] (Microsoft Corporation) — C:windowssystem32dxtrans.dll
    [2013/06/23 03:11:56 | 000,185,344 | —- | M] (Microsoft Corporation) — C:windowssystem32elshyph.dll
    [2013/06/23 03:11:56 | 000,069,120 | —- | M] (Microsoft Corporation) — C:windowssystem32icardie.dll
    [2013/06/23 03:11:56 | 000,110,592 | —- | M] (Microsoft Corporation) — C:windowssystem32IEAdvpack.dll
    [2013/06/23 03:11:56 | 000,629,248 | —- | M] (Microsoft Corporation) — C:windowssystem32ieapfltr.dll
    [2013/06/23 03:11:56 | 000,242,200 | —- | M] (Microsoft Corporation) — C:windowssystem32iedkcs32.dll
    [2013/07/26 04:11:59 | 013,761,024 | —- | M] (Microsoft Corporation) — C:windowssystem32ieframe.dll
    [2013/06/23 03:11:56 | 000,117,248 | —- | M] (Microsoft Corporation) — C:windowssystem32iepeers.dll
    [2013/07/26 04:11:59 | 000,033,280 | —- | M] (Microsoft Corporation) — C:windowssystem32iernonce.dll
    [2013/07/26 04:12:00 | 002,048,512 | —- | M] (Microsoft Corporation) — C:windowssystem32iertutil.dll
    [2013/07/26 04:12:00 | 000,061,440 | —- | M] (Microsoft Corporation) — C:windowssystem32iesetup.dll
    [2013/07/26 04:12:00 | 000,109,056 | —- | M] (Microsoft Corporation) — C:windowssystem32iesysprep.dll
    [2013/07/26 04:12:00 | 000,391,168 | —- | M] (Microsoft Corporation) — C:windowssystem32ieui.dll
    [2013/06/23 03:11:56 | 000,038,400 | —- | M] (Microsoft Corporation) — C:windowssystem32imgutil.dll
    [2013/06/23 03:11:56 | 000,082,432 | —- | M] (Microsoft Corporation) — C:windowssystem32inseng.dll
    [2013/07/26 04:12:04 | 000,690,688 | —- | M] (Microsoft Corporation) — C:windowssystem32jscript.dll
    [2013/07/26 04:12:04 | 002,877,440 | —- | M] (Microsoft Corporation) — C:windowssystem32jscript9.dll
    [2013/07/26 04:12:05 | 000,039,936 | —- | M] (Microsoft Corporation) — C:windowssystem32jsproxy.dll
    [2013/06/23 03:11:56 | 000,023,040 | —- | M] (Microsoft Corporation) — C:windowssystem32licmgr10.dll
    [2013/07/26 04:12:22 | 000,493,056 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeeds.dll
    [2013/06/23 03:11:56 | 000,041,984 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeedsbs.dll
    [2013/07/26 04:12:23 | 014,329,344 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtml.dll
    [2013/06/23 03:11:56 | 000,079,872 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmled.dll
    [2013/06/23 03:11:56 | 000,048,640 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmler.dll
    [2013/06/23 03:11:56 | 000,719,360 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmlmedia.dll
    [2013/06/23 03:11:56 | 000,158,720 | —- | M] (Microsoft Corporation) — C:windowssystem32msls31.dll
    [2013/06/23 03:02:47 | 002,284,544 | —- | M] (Microsoft Corporation) — C:windowssystem32msmpeg2vdec.dll
    [2013/06/23 03:11:56 | 000,163,840 | —- | M] (Microsoft Corporation) — C:windowssystem32msrating.dll
    [2013/07/09 05:53:47 | 001,292,192 | —- | M] (Microsoft Corporation) — C:windowssystem32ntdll.dll
    [2013/07/09 03:49:39 | 000,014,336 | —- | M] (Microsoft Corporation) — C:windowssystem32ntvdm64.dll
    [2013/06/23 03:11:56 | 000,125,440 | —- | M] (Microsoft Corporation) — C:windowssystem32occache.dll
    [2013/06/23 03:11:56 | 000,057,344 | —- | M] (Microsoft Corporation) — C:windowssystem32pngfilt.dll
    [2013/07/09 05:52:33 | 000,663,552 | —- | M] (Microsoft Corporation) — C:windowssystem32rpcrt4.dll
    [2013/07/19 02:41:01 | 000,002,048 | —- | M] (Microsoft Corporation) — C:windowssystem32tzres.dll
    [2013/06/23 03:02:46 | 000,187,392 | —- | M] (Microsoft Corporation) — C:windowssystem32UIAnimation.dll
    [2013/06/23 03:11:56 | 000,232,960 | —- | M] (Microsoft Corporation) — C:windowssystem32url.dll
    [2013/07/26 04:13:14 | 001,141,248 | —- | M] (Microsoft Corporation) — C:windowssystem32urlmon.dll
    [2013/06/23 03:11:56 | 000,523,264 | —- | M] (Microsoft Corporation) — C:windowssystem32vbscript.dll
    [2013/06/23 03:11:56 | 000,204,800 | —- | M] (Microsoft Corporation) — C:windowssystem32webcheck.dll
    [2013/06/23 03:02:47 | 000,207,872 | —- | M] (Microsoft Corporation) — C:windowssystem32WindowsCodecsExt.dll
    [2013/07/26 04:13:24 | 001,767,936 | —- | M] (Microsoft Corporation) — C:windowssystem32wininet.dll
    [2013/07/09 05:52:10 | 000,175,104 | —- | M] (Microsoft Corporation) — C:windowssystem32wintrust.dll
    [2013/06/23 03:02:47 | 000,417,792 | —- | M] (Microsoft Corporation) — C:windowssystem32WMPhoto.dll
    [2013/07/25 09:57:27 | 001,620,992 | —- | M] (Microsoft Corporation) — C:windowssystem32WMVDECOD.DLL
    [2013/07/09 05:52:33 | 000,005,120 | —- | M] (Microsoft Corporation) — C:windowssystem32wow32.dll
    [2013/06/23 03:02:47 | 000,364,544 | —- | M] (Microsoft Corporation) — C:windowssystem32XpsGdiConverter.dll
    [2013/06/23 03:02:47 | 001,158,144 | —- | M] (Microsoft Corporation) — C:windowssystem32XpsPrint.dll


    [2013/06/13 01:17:56 | 000,692,104 | —- | M] (Adobe Systems Incorporated) — C:windowssystem32FlashPlayerApp.exe
    [2013/06/23 03:11:56 | 000,137,216 | —- | M] (Microsoft Corporation) — C:windowssystem32ieUnatt.exe
    [2013/06/23 03:11:56 | 000,150,528 | —- | M] (Microsoft Corporation) — C:windowssystem32iexpress.exe
    [2013/07/09 03:49:41 | 000,007,680 | —- | M] (Microsoft Corporation) — C:windowssystem32instnm.exe
    [2013/06/23 03:11:56 | 000,011,776 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeedssync.exe
    [2013/06/23 03:11:56 | 000,012,800 | —- | M] (Microsoft Corporation) — C:windowssystem32mshta.exe
    [2013/07/09 06:03:34 | 003,968,960 | —- | M] (Microsoft Corporation) — C:windowssystem32ntkrnlpa.exe
    [2013/07/09 06:03:34 | 003,913,664 | —- | M] (Microsoft Corporation) — C:windowssystem32ntoskrnl.exe
    [2013/07/26 02:59:38 | 000,071,680 | —- | M] (Microsoft Corporation) — C:windowssystem32RegisterIEPKEYs.exe
    [2013/06/23 03:11:56 | 000,073,728 | —- | M] (Microsoft Corporation) — C:windowssystem32SetIEInstalledDate.exe
    [2013/07/09 03:49:42 | 000,025,600 | —- | M] (Microsoft Corporation) — C:windowssystem32setup16.exe
    [2013/07/09 03:49:38 | 000,002,048 | —- | M] (Microsoft Corporation) — C:windowssystem32user.exe
    [2013/06/23 03:11:56 | 000,138,752 | —- | M] (Microsoft Corporation) — C:windowssystem32wextract.exe


    [2013/05/27 15:14:34 | 000,000,000 | -H– | M] () — C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun-1E-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
    [2013/09/01 08:53:59 | 000,118,378 | —- | M] () — C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log


    [1 C:windows*.tmp files -> C:windows*.tmp -> ]




    Invalid Switch:


    [2009/07/14 06:08:49 | 000,000,006 | -H– | C] () — C:windowsTasksSA.DAT
    [2009/07/14 06:08:49 | 000,032,496 | —- | C] () — C:windowsTasksSCHEDLGU.TXT
    [2012/03/14 21:17:22 | 000,000,830 | —- | C] () — C:windowsTasksAdobe Flash Player Updater.job
    [2012/03/14 21:22:55 | 000,001,078 | —- | C] () — C:windowsTasksGoogleUpdateTaskMachineCore.job
    [2012/03/14 21:22:57 | 000,001,082 | —- | C] () — C:windowsTasksGoogleUpdateTaskMachineUA.job
    [2012/11/30 19:41:37 | 000,000,902 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
    [2012/11/30 19:41:38 | 000,000,924 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
    [2013/06/09 19:54:14 | 000,000,942 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
    [2013/06/09 19:54:15 | 000,000,964 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job

  • kazanastra
    Post count: 0

    SafeBootMin:64bit: AppMgmt – Service
    SafeBootMin:64bit: Base – Driver Group
    SafeBootMin:64bit: Boot Bus Extender – Driver Group
    SafeBootMin:64bit: Boot file system – Driver Group
    SafeBootMin:64bit: File system – Driver Group
    SafeBootMin:64bit: Filter – Driver Group
    SafeBootMin:64bit: HelpSvc – Service
    SafeBootMin:64bit: MCODS – Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration – Driver Group
    SafeBootMin:64bit: PNP Filter – Driver Group
    SafeBootMin:64bit: Primary disk – Driver Group
    SafeBootMin:64bit: sacsvr – Service
    SafeBootMin:64bit: SCSI Class – Driver Group
    SafeBootMin:64bit: System Bus Extender – Driver Group
    SafeBootMin:64bit: vmms – Service
    SafeBootMin:64bit: WinDefend – C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
    SafeBootMin: AppMgmt – Service
    SafeBootMin: Base – Driver Group
    SafeBootMin: Boot Bus Extender – Driver Group
    SafeBootMin: Boot file system – Driver Group
    SafeBootMin: File system – Driver Group
    SafeBootMin: Filter – Driver Group
    SafeBootMin: HelpSvc – Service
    SafeBootMin: MCODS – Reg Error: Value error.
    SafeBootMin: PCI Configuration – Driver Group
    SafeBootMin: PNP Filter – Driver Group
    SafeBootMin: Primary disk – Driver Group
    SafeBootMin: sacsvr – Service
    SafeBootMin: SCSI Class – Driver Group
    SafeBootMin: System Bus Extender – Driver Group
    SafeBootMin: vmms – Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices

    SafeBootNet:64bit: AppMgmt – Service
    SafeBootNet:64bit: Base – Driver Group
    SafeBootNet:64bit: Boot Bus Extender – Driver Group
    SafeBootNet:64bit: Boot file system – Driver Group
    SafeBootNet:64bit: File system – Driver Group
    SafeBootNet:64bit: Filter – Driver Group
    SafeBootNet:64bit: HelpSvc – Service
    SafeBootNet:64bit: MCODS – Reg Error: Value error.
    SafeBootNet:64bit: Messenger – Service
    SafeBootNet:64bit: NDIS Wrapper – Driver Group
    SafeBootNet:64bit: NetBIOSGroup – Driver Group
    SafeBootNet:64bit: NetDDEGroup – Driver Group
    SafeBootNet:64bit: Network – Driver Group
    SafeBootNet:64bit: NetworkProvider – Driver Group
    SafeBootNet:64bit: PCI Configuration – Driver Group
    SafeBootNet:64bit: PNP Filter – Driver Group
    SafeBootNet:64bit: PNP_TDI – Driver Group
    SafeBootNet:64bit: Primary disk – Driver Group
    SafeBootNet:64bit: rdsessmgr – Service
    SafeBootNet:64bit: sacsvr – Service
    SafeBootNet:64bit: SCSI Class – Driver Group
    SafeBootNet:64bit: Streams Drivers – Driver Group
    SafeBootNet:64bit: System Bus Extender – Driver Group
    SafeBootNet:64bit: TDI – Driver Group
    SafeBootNet:64bit: vmms – Service
    SafeBootNet:64bit: WinDefend – C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfUsbccidDriver – Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} – Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} – NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} – NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} – NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} – Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
    SafeBootNet: AppMgmt – Service
    SafeBootNet: Base – Driver Group
    SafeBootNet: Boot Bus Extender – Driver Group
    SafeBootNet: Boot file system – Driver Group
    SafeBootNet: File system – Driver Group
    SafeBootNet: Filter – Driver Group
    SafeBootNet: HelpSvc – Service
    SafeBootNet: MCODS – Reg Error: Value error.
    SafeBootNet: Messenger – Service
    SafeBootNet: NDIS Wrapper – Driver Group
    SafeBootNet: NetBIOSGroup – Driver Group
    SafeBootNet: NetDDEGroup – Driver Group
    SafeBootNet: Network – Driver Group
    SafeBootNet: NetworkProvider – Driver Group
    SafeBootNet: PCI Configuration – Driver Group
    SafeBootNet: PNP Filter – Driver Group
    SafeBootNet: PNP_TDI – Driver Group
    SafeBootNet: Primary disk – Driver Group
    SafeBootNet: rdsessmgr – Service
    SafeBootNet: sacsvr – Service
    SafeBootNet: SCSI Class – Driver Group
    SafeBootNet: Streams Drivers – Driver Group
    SafeBootNet: System Bus Extender – Driver Group
    SafeBootNet: TDI – Driver Group
    SafeBootNet: vmms – Service
    SafeBootNet: WudfUsbccidDriver – Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} – Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} – NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} – NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} – NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} – Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} – Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} – %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
    ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} – C:windowssystem32cmd.exe /D /C start C:windowssystem32ie4uinit.exe -ClearIconCache
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} – Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} – “%ProgramFiles%Windows MailWinMail.exe” OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} – DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} – Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} – Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} – Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} – Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} – Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} – MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} – Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} – regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} – C:windowsSystem32ie4uinit.exe -UserConfig
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} – C:Windowssystem32Rundll32.exe C:Windowssystem32mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} – Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} – Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} – HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} – Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} – .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} – .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} – %SystemRoot%system32unregmp2.exe /ShowWMP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} – Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} – Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} – %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} – C:windowssystem32cmd.exe /D /C start C:windowssystem32ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} – Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} – “%ProgramFiles(x86)%Windows MailWinMail.exe” OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} – DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} – Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} – Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} – Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} – Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} – Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} – MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} – Dossiers Web
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} – Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} – .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} – regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} –
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} – C:WindowsSysWOW64Rundll32.exe C:WindowsSysWOW64mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} – “C:Program Files (x86)GoogleChromeApplication29.0.1547.66Installerchrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} – Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} – .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} – Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} – Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} – HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} – Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} – .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} – %SystemRoot%system32unregmp2.exe /ShowWMP

    Drivers32:64bit: msacm.l3acm – C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm – C:WindowsSysWOW64l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid – C:windowsSysWow64iccvid.dll (Radius Inc.)
    Drivers32: VIDC.VMnc – C:windowsSysWow64vmnc.dll (VMware, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders – Created Within 30 Days ==========

    [2013/09/09 14:31:49 | 000,602,112 | —- | C] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
    [2013/09/01 16:27:04 | 000,000,000 | —D | C] — C:Sounds
    [2013/09/01 12:54:25 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingMalwarebytes
    [2013/09/01 12:54:23 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes’ Anti-Malware
    [2013/09/01 12:54:22 | 000,025,928 | —- | C] (Malwarebytes Corporation) — C:windowsSysNativedriversmbam.sys
    [2013/09/01 12:54:22 | 000,000,000 | —D | C] — C:ProgramDataMalwarebytes
    [2013/09/01 12:54:21 | 000,000,000 | —D | C] — C:Program Files (x86)Malwarebytes’ Anti-Malware
    [2013/09/01 12:54:11 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalPrograms
    [2013/09/01 07:40:26 | 000,000,000 | —D | C] — C:windowsERUNT
    [2013/09/01 07:31:14 | 000,000,000 | —D | C] — C:AdwCleaner
    [2013/08/31 04:21:33 | 000,000,000 | —D | C] — C:Program Files (x86)ZHPDiag
    [2013/08/31 04:21:33 | 000,000,000 | —D | C] — C:ZHP
    [2013/08/29 22:02:10 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingRadiocom
    [2013/08/29 22:02:05 | 000,000,000 | —D | C] — C:UsersAdministrateurRichMedia
    [2013/08/29 22:02:05 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalRadiocom
    [2013/08/28 19:51:21 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsKaspersky Anti-Virus 2013
    [2013/08/28 19:50:59 | 000,064,856 | —- | C] (Kaspersky Lab) — C:windowsSysNativeklfphc.dll
    [2013/08/28 19:50:00 | 000,000,000 | —D | C] — C:windowsELAMBKUP
    [2013/08/28 19:49:54 | 000,000,000 | —D | C] — C:ProgramDataKaspersky Lab
    [2013/08/28 19:49:54 | 000,000,000 | —D | C] — C:Program Files (x86)Kaspersky Lab
    [2013/08/28 19:49:21 | 000,620,128 | —- | C] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklif.sys
    [2013/08/28 19:49:21 | 000,090,208 | —- | C] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklflt.sys
    [2013/08/28 18:51:18 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsRich Media Player
    [2013/08/28 18:50:55 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalRich Media Player
    [2013/08/28 03:45:25 | 000,000,000 | —D | C] — C:ProgramDataBDLogging
    [2013/08/28 03:45:14 | 000,511,328 | —- | C] (Microsoft Corporation) — C:windowscapicom.dll
    [2013/08/28 02:32:01 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingQuickScan
    [2013/08/28 02:27:54 | 000,000,000 | —D | C] — C:Program FilesBitdefender
    [2013/08/28 02:17:27 | 000,000,000 | —D | C] — C:Program FilesCommon FilesBitdefender
    [2013/08/27 01:23:34 | 000,000,000 | –SD | C] — C:windowsSysWow64Microsoft
    [2013/08/26 22:34:51 | 000,000,000 | RHSD | C] — C:Autorun.inf
    [2013/08/25 20:07:42 | 000,000,000 | —D | C] — C:UsbFix
    [2013/08/14 16:46:34 | 000,391,168 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ieui.dll
    [2013/08/14 16:46:33 | 000,526,336 | —- | C] (Microsoft Corporation) — C:windowsSysNativeieui.dll
    [2013/08/14 16:46:30 | 000,109,056 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iesysprep.dll
    [2013/08/14 16:46:30 | 000,089,600 | —- | C] (Microsoft Corporation) — C:windowsSysNativeRegisterIEPKEYs.exe
    [2013/08/14 16:46:30 | 000,071,680 | —- | C] (Microsoft Corporation) — C:windowsSysWow64RegisterIEPKEYs.exe
    [2013/08/14 16:46:30 | 000,067,072 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiesetup.dll
    [2013/08/14 16:46:30 | 000,061,440 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iesetup.dll
    [2013/08/14 16:46:30 | 000,051,712 | —- | C] (Microsoft Corporation) — C:windowsSysNativeie4uinit.exe
    [2013/08/14 16:46:30 | 000,039,936 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiernonce.dll
    [2013/08/14 16:46:30 | 000,033,280 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iernonce.dll
    [2013/08/14 16:46:29 | 000,136,704 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiesysprep.dll
    [2013/08/14 16:46:24 | 000,855,552 | —- | C] (Microsoft Corporation) — C:windowsSysNativejscript.dll
    [2013/08/14 16:46:24 | 000,603,136 | —- | C] (Microsoft Corporation) — C:windowsSysNativemsfeeds.dll
    [2013/08/14 16:46:23 | 003,958,784 | —- | C] (Microsoft Corporation) — C:windowsSysNativejscript9.dll
    [2013/08/14 16:46:23 | 000,690,688 | —- | C] (Microsoft Corporation) — C:windowsSysWow64jscript.dll
    [2013/08/13 21:29:09 | 001,472,512 | —- | C] (Microsoft Corporation) — C:windowsSysNativecrypt32.dll
    [2013/08/13 21:29:08 | 000,224,256 | —- | C] (Microsoft Corporation) — C:windowsSysNativewintrust.dll
    [2013/08/13 21:29:07 | 000,139,776 | —- | C] (Microsoft Corporation) — C:windowsSysNativecryptnet.dll
    [2013/08/13 21:27:41 | 001,888,768 | —- | C] (Microsoft Corporation) — C:windowsSysNativeWMVDECOD.DLL
    [2013/08/13 21:27:40 | 001,620,992 | —- | C] (Microsoft Corporation) — C:windowsSysWow64WMVDECOD.DLL
    [2013/08/13 21:27:39 | 001,217,024 | —- | C] (Microsoft Corporation) — C:windowsSysNativerpcrt4.dll
    [2013/08/13 21:27:34 | 003,913,664 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntoskrnl.exe
    [2013/08/13 21:27:32 | 003,968,960 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntkrnlpa.exe
    [2013/08/13 21:27:31 | 005,550,528 | —- | C] (Microsoft Corporation) — C:windowsSysNativentoskrnl.exe
    [2013/08/13 21:27:31 | 001,732,032 | —- | C] (Microsoft Corporation) — C:windowsSysNativentdll.dll
    [2013/08/13 21:27:30 | 000,243,712 | —- | C] (Microsoft Corporation) — C:windowsSysNativewow64.dll
    [2013/08/13 21:27:29 | 000,014,336 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntvdm64.dll
    [2013/08/13 21:27:28 | 000,025,600 | —- | C] (Microsoft Corporation) — C:windowsSysWow64setup16.exe
    [2013/08/13 21:27:28 | 000,005,120 | —- | C] (Microsoft Corporation) — C:windowsSysWow64wow32.dll
    [2013/08/13 21:27:27 | 000,007,680 | —- | C] (Microsoft Corporation) — C:windowsSysWow64instnm.exe
    [2013/08/13 21:27:27 | 000,002,048 | —- | C] (Microsoft Corporation) — C:windowsSysWow64user.exe
    [1 C:windows*.tmp files -> C:windows*.tmp -> ]

    ========== Files – Modified Within 30 Days ==========

    [2013/09/10 23:59:56 | 001,566,088 | —- | M] () — C:windowsSysNativePerfStringBackup.INI
    [2013/09/10 23:59:56 | 000,712,096 | —- | M] () — C:windowsSysNativeperfh00C.dat
    [2013/09/10 23:59:56 | 000,622,464 | —- | M] () — C:windowsSysNativeperfh009.dat
    [2013/09/10 23:59:56 | 000,133,806 | —- | M] () — C:windowsSysNativeperfc00C.dat
    [2013/09/10 23:59:56 | 000,109,310 | —- | M] () — C:windowsSysNativeperfc009.dat
    [2013/09/10 23:52:00 | 000,001,082 | —- | M] () — C:windowstasksGoogleUpdateTaskMachineUA.job
    [2013/09/10 23:14:00 | 000,000,830 | —- | M] () — C:windowstasksAdobe Flash Player Updater.job
    [2013/09/10 22:59:02 | 000,000,964 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job
    [2013/09/10 22:46:00 | 000,000,924 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
    [2013/09/10 21:58:11 | 000,067,584 | –S- | M] () — C:windowsbootstat.dat
    [2013/09/10 19:59:01 | 000,000,942 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
    [2013/09/10 19:46:00 | 000,000,902 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
    [2013/09/09 14:31:56 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
    [2013/09/09 14:11:32 | 000,001,078 | —- | M] () — C:windowstasksGoogleUpdateTaskMachineCore.job
    [2013/09/09 01:50:14 | 000,038,784 | -H– | M] () — C:windowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/09 01:50:14 | 000,038,784 | -H– | M] () — C:windowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/09 01:42:11 | 623,069,829 | —- | M] () — C:windowsMEMORY.DMP
    [2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () — C:hiberfil.sys
    [2013/09/02 17:55:08 | 000,000,512 | —- | M] () — C:PhysicalDisk0_MBR.bin
    [2013/08/30 04:22:17 | 000,178,448 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriverskneps.sys
    [2013/08/30 04:22:17 | 000,054,368 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriverskltdi.sys
    [2013/08/30 04:22:17 | 000,029,528 | —- | M] (Kaspersky Lab) — C:windowsSysNativedriversklmouflt.sys
    [2013/08/30 04:22:16 | 000,620,128 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklif.sys
    [2013/08/30 04:22:16 | 000,029,016 | —- | M] (Kaspersky Lab) — C:windowsSysNativedriversklkbdflt.sys
    [2013/08/30 04:22:15 | 000,090,208 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklflt.sys
    [2013/08/28 18:42:38 | 000,230,495 | —- | M] () — C:ProgramData1377711683.bdinstall.bin
    [2013/08/28 03:46:34 | 000,354,473 | —- | M] () — C:ProgramData1377657701.bdinstall.bin
    [2013/08/28 03:46:20 | 000,000,385 | —- | M] () — C:windowsSysNativeuser_gensett.xml
    [2013/08/28 03:45:37 | 000,000,000 | -H– | M] () — C:windowsSysNativedriversMsft_Kernel_avchv_01009.Wdf
    [2013/08/28 03:40:23 | 000,370,476 | —- | M] () — C:ProgramData1377653102.bdinstall.bin
    [1 C:windows*.tmp files -> C:windows*.tmp -> ]

    ========== Files Created – No Company Name ==========

    [2013/08/31 04:31:50 | 000,000,512 | —- | C] () — C:PhysicalDisk0_MBR.bin
    [2013/08/28 18:42:38 | 000,230,495 | —- | C] () — C:ProgramData1377711683.bdinstall.bin
    [2013/08/28 03:46:34 | 000,354,473 | —- | C] () — C:ProgramData1377657701.bdinstall.bin
    [2013/08/28 03:46:20 | 000,000,385 | —- | C] () — C:windowsSysNativeuser_gensett.xml
    [2013/08/28 03:45:37 | 000,000,000 | -H– | C] () — C:windowsSysNativedriversMsft_Kernel_avchv_01009.Wdf
    [2013/08/28 03:40:23 | 000,370,476 | —- | C] () — C:ProgramData1377653102.bdinstall.bin
    [2013/07/27 10:22:55 | 000,000,708 | —- | C] () — C:UsersAdministrateurBibliothèques – Raccourci.lnk
    [2013/03/20 16:29:00 | 001,590,564 | —- | C] () — C:windowsSysWow64PerfStringBackup.INI
    [2013/03/12 18:52:42 | 000,000,382 | —- | C] () — C:windowsODBC.INI
    [2013/01/06 22:55:35 | 000,000,293 | —- | C] () — C:windowsgame.ini
    [2012/11/30 18:23:17 | 000,000,000 | —- | C] () — C:windowsToDisc.INI
    [2012/04/07 17:14:14 | 000,128,312 | —- | C] () — C:windowsSysWow64GFNEX.dll
    [2012/04/07 17:12:39 | 000,028,528 | —- | C] () — C:windowsrlt8723a_chip_bt40_fw_asic_rom_patch.dll
    [2012/04/07 17:09:55 | 000,451,072 | —- | C] () — C:windowsSysWow64ISSRemoveSP.exe
    [2012/04/07 17:03:23 | 000,000,000 | —- | C] () — C:windowsativpsrm.bin
    [2012/04/07 17:00:51 | 000,204,960 | —- | C] () — C:windowsSysWow64ativvsvl.dat
    [2012/04/07 17:00:51 | 000,157,152 | —- | C] () — C:windowsSysWow64ativvsva.dat
    [2012/04/07 17:00:51 | 000,003,917 | —- | C] () — C:windowsSysWow64atipblag.dat
    [2012/01/20 12:49:58 | 000,059,904 | —- | C] () — C:windowsSysWow64OpenVideo.dll
    [2012/01/20 12:49:48 | 000,054,784 | —- | C] () — C:windowsSysWow64OVDecode.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () — C:windowsassemblyDesktop.ini

    [HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

    [HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

    [HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

    [HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
    “” = C:WindowsSysNativeshell32.dll — [2013/02/27 06:52:56 | 014,172,672 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Apartment

    [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
    “” = %SystemRoot%system32shell32.dll — [2013/02/27 05:55:05 | 012,872,704 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Apartment

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64
    “” = C:WindowsSysNativewbemfastprox.dll — [2009/07/14 02:40:51 | 000,909,312 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Free

    [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
    “” = %systemroot%system32wbemfastprox.dll — [2010/11/21 04:24:25 | 000,606,208 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Free

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64
    “” = C:WindowsSysNativewbemwbemess.dll — [2009/07/14 02:41:56 | 000,505,856 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Both

    [HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

    ========== LOP Check ==========

    [2013/09/10 21:58:36 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingInternetEverywhere
    [2013/05/17 12:52:12 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingNotepad++
    [2013/05/19 20:13:30 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingPowerISO
    [2013/08/28 02:32:01 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingQuickScan
    [2013/08/29 22:02:10 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingRadiocom
    [2013/07/24 07:37:14 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingTheta
    [2013/06/03 14:08:48 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingToshiba
    [2013/07/04 04:51:53 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingUnity
    [2013/07/20 12:30:21 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingWildTangent
    [2013/01/01 15:25:14 | 000,000,000 | —D | M] — C:UsersInvitéAppDataRoamingInternetEverywhere
    [2012/12/15 17:40:50 | 000,000,000 | —D | M] — C:UsersInvitéAppDataRoamingToshiba

    ========== Purity Check ==========

    ========== Custom Scans ==========


    [2011/12/28 04:59:24 | 000,498,688 | —- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 — C:windowsSysNativedriversafd.sys
    [2011/12/28 04:59:24 | 000,498,688 | —- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5afd.sys
    [2011/12/28 05:01:36 | 000,498,176 | —- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345afd.sys
    [2010/11/21 04:24:08 | 000,499,712 | —- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991afd.sys
    [2011/04/25 03:34:03 | 000,499,200 | —- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170afd.sys
    [2011/04/25 04:09:35 | 000,499,200 | —- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4afd.sys


    [2013/07/20 12:30:29 | 001,012,600 | —- | M] (WildTangent) — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-toshiba.exe
    [2013/07/20 12:30:03 | 001,012,592 | —- | M] (WildTangent) — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-wildgames.exe
    [2013/07/20 12:29:51 | 000,000,179 | —- | M] () — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-wildgames.exe_filedata
    [2013/07/20 12:30:23 | 000,000,177 | —- | M] () — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-toshiba.exe_filedata


    [2013/08/28 03:40:23 | 000,370,476 | —- | M] () — C:ProgramData1377653102.bdinstall.bin
    [2013/08/28 03:46:34 | 000,354,473 | —- | M] () — C:ProgramData1377657701.bdinstall.bin
    [2013/08/28 18:42:38 | 000,230,495 | —- | M] () — C:ProgramData1377711683.bdinstall.bin
    [2013/08/28 02:22:25 | 000,262,144 | —- | M] () — C:ProgramDatantuser.dat
    [2013/08/28 02:22:37 | 000,005,120 | -HS- | M] () — C:ProgramDatantuser.dat.LOG1
    [2013/08/28 02:22:25 | 000,000,000 | -HS- | M] () — C:ProgramDatantuser.dat.LOG2
    [2013/08/28 02:22:26 | 000,065,536 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
    [2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
    [2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms
    [2013/08/28 02:22:36 | 000,065,536 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
    [2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
    [2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms


    [2013/08/28 18:41:46 | 000,002,691 | —- | M] () — C:bdlog.txt
    [2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () — C:bootmgr
    [2012/03/15 20:26:49 | 000,008,192 | —- | M] () — C:BOOTSECT.BAK
    [2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () — C:hiberfil.sys
    [2013/09/09 01:42:11 | 2105,335,807 | -HS- | M] () — C:pagefile.sys
    [2013/09/02 17:55:08 | 000,000,512 | —- | M] () — C:PhysicalDisk0_MBR.bin
    [2013/08/26 22:33:21 | 000,012,060 | —- | M] () — C:UsbFix [Clean 3] USER-TOSH.txt
    [2013/08/26 22:35:03 | 000,002,944 | —- | M] () — C:UsbFix [Listing 1 ] USER-TOSH.txt
    [2013/09/05 00:42:38 | 000,004,534 | —- | M] () — C:UsbFix [Listing 2 ] USER-TOSH.txt
    [2013/08/25 23:35:12 | 000,010,964 | —- | M] () — C:UsbFix [Scan 1] USER-TOSH.txt
    [2013/08/26 22:21:47 | 000,010,191 | —- | M] () — C:UsbFix [Scan 2] USER-TOSH.txt
    [2013/08/28 01:36:31 | 000,010,853 | —- | M] () — C:UsbFix [Scan 5] USER-TOSH.txt
    [2013/08/30 02:24:24 | 000,009,829 | —- | M] () — C:UsbFix [Scan 6] USER-TOSH.txt


    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () — C:Program Files (x86)desktop.ini


    [2012/11/07 09:27:01 | 000,002,446 | —- | M] () — C:Program Files (x86)Internet Explorerdebug.log
    [2013/06/23 03:11:56 | 000,024,576 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerExtExport.exe
    [2013/06/23 03:11:56 | 000,002,843 | —- | M] () — C:Program Files (x86)Internet Explorerie9props.propdesc
    [2013/06/23 03:11:56 | 000,697,344 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Exploreriedvtool.dll
    [2013/06/23 03:11:56 | 000,467,456 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerieinstal.exe
    [2013/06/23 03:11:56 | 000,222,208 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerielowutil.exe
    [2013/07/26 04:11:59 | 000,257,536 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerieproxy.dll
    [2013/07/26 04:12:00 | 000,236,032 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerIEShims.dll
    [2013/07/26 04:49:06 | 000,770,648 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Exploreriexplore.exe
    [2013/06/23 03:11:56 | 000,440,320 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsdbgui.dll
    [2013/07/26 04:12:04 | 000,108,032 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsdebuggeride.dll
    [2013/06/23 03:11:56 | 000,052,224 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerJSProfilerCore.dll
    [2013/06/23 03:11:56 | 000,147,456 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsprofilerui.dll
    [2013/06/23 03:11:56 | 000,285,080 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorermsdbg2.dll
    [2013/06/23 03:11:56 | 000,294,400 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorernetworkinspection.dll
    [2013/06/23 03:11:56 | 000,392,080 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerpdm.dll
    [2013/06/23 03:11:56 | 000,070,568 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerpdmproxy100.dll
    [2013/07/26 04:13:06 | 000,218,112 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorersqmapi.dll

  • kazanastra
    Post count: 0

    OTL logfile created on: 10/09/2013 23:59:08 – Run 1
    OTL by OldTimer – Version 3.2.69.0 Folder = C:UsersAdministrateurDesktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) – Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    5,96 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 52,90% Memory free
    11,92 Gb Paging File | 8,05 Gb Available in Paging File | 67,50% Paging File free
    Paging file location(s): ?:pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)
    Drive C: | 449,65 Gb Total Space | 324,07 Gb Free Space | 72,07% Space Free | Partition Type: NTFS
    Drive F: | 3,90 Gb Total Space | 0,79 Gb Free Space | 20,16% Space Free | Partition Type: FAT32

    Computer Name: USER-TOSH | User Name: Administrateur | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC – File not found —
    PRC – [2013/09/09 14:31:56 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
    PRC – [2013/09/02 21:35:59 | 000,829,392 | —- | M] (Google Inc.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    PRC – [2013/08/30 03:41:32 | 000,356,376 | —- | M] (Kaspersky Lab ZAO) — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe
    PRC – [2013/07/13 04:47:29 | 000,217,992 | —- | M] (Google Inc.) — C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe
    PRC – [2013/04/04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
    PRC – [2013/04/04 14:50:32 | 000,532,040 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe
    PRC – [2013/04/04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
    PRC – [2013/02/26 02:28:44 | 000,357,456 | —- | M] (VMware, Inc.) — C:WindowsSysWOW64vmnetdhcp.exe
    PRC – [2013/02/26 02:28:26 | 000,436,304 | —- | M] (VMware, Inc.) — C:WindowsSysWOW64vmnat.exe
    PRC – [2013/02/26 01:30:42 | 000,087,120 | —- | M] (VMware, Inc.) — C:Program Files (x86)VMwareVMware Playervmware-authd.exe
    PRC – [2012/10/23 18:42:06 | 000,347,120 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe
    PRC – [2012/10/23 18:41:44 | 001,739,760 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere.exe
    PRC – [2012/10/23 18:41:41 | 000,637,936 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe
    PRC – [2012/02/05 05:41:10 | 000,231,328 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeSrvUseMng.exe
    PRC – [2012/02/05 05:40:56 | 000,219,048 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeSrvProvider.exe
    PRC – [2012/02/04 21:47:54 | 000,251,808 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeBtMng.exe
    PRC – [2012/02/04 21:16:54 | 002,824,104 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtMng.exe
    PRC – [2012/01/21 00:29:26 | 000,277,784 | —- | M] (Intel Corporation) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    PRC – [2011/11/04 14:40:06 | 000,687,400 | —- | M] (Nero AG) — C:Program Files (x86)NeroUpdateNASvc.exe
    PRC – [2011/08/08 21:43:00 | 000,690,072 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosA2dp.exe
    PRC – [2011/08/08 21:36:00 | 000,087,960 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtHid.exe
    PRC – [2011/06/06 12:55:28 | 000,064,952 | —- | M] (Adobe Systems Incorporated) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    PRC – [2011/03/14 16:27:28 | 000,236,384 | —- | M] (Huawei Technologies Co., Ltd.) — C:ProgramDataDatacardServiceDCSHelper.exe
    PRC – [2011/02/03 23:18:00 | 000,742,800 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosAVRC.exe
    PRC – [2010/11/21 04:25:10 | 000,164,864 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Windows Media Playerwmplayer.exe
    PRC – [2010/09/07 00:18:00 | 000,746,384 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtHSP.exe

    ========== Modules (No Company Name) ==========

    MOD – [2013/09/02 21:35:56 | 000,410,576 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66ppgooglenaclpluginchrome.dll
    MOD – [2013/09/02 21:35:55 | 013,599,184 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66PepperFlashpepflashplayer.dll
    MOD – [2013/09/02 21:35:54 | 004,053,456 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66pdf.dll
    MOD – [2013/09/02 21:35:04 | 000,709,584 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66libglesv2.dll
    MOD – [2013/09/02 21:35:03 | 000,099,792 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66libegl.dll
    MOD – [2013/09/02 21:35:01 | 001,604,560 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66ffmpegsumo.dll
    MOD – [2012/10/23 18:41:44 | 001,739,760 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere.exe
    MOD – [2012/10/23 18:41:41 | 000,637,936 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe
    MOD – [2012/10/23 18:40:44 | 000,249,344 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgMobileBroadband7.dll
    MOD – [2012/10/23 18:38:48 | 000,606,208 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgCore.dll
    MOD – [2012/10/23 18:38:04 | 000,204,800 | —- | M] () — C:Program Files (x86)InternetEverywhereLiveBoxCM.dll
    MOD – [2012/10/23 18:37:38 | 000,073,728 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDriverInstall.dll
    MOD – [2012/10/23 18:37:27 | 000,376,832 | —- | M] () — C:Program Files (x86)InternetEverywhereWTGSMSPCClient.dll
    MOD – [2012/10/23 18:37:18 | 000,139,264 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgBluetooth.dll
    MOD – [2012/10/23 18:37:10 | 000,212,992 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDetection.dll
    MOD – [2012/10/23 18:36:57 | 000,126,976 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgWiFi.dll
    MOD – [2012/10/23 18:36:46 | 000,081,920 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDialup.dll
    MOD – [2012/10/23 18:36:29 | 000,102,400 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDatabase.dll
    MOD – [2012/10/23 18:36:22 | 000,159,744 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgPorts.dll
    MOD – [2012/10/23 18:36:16 | 000,106,496 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgUtil.dll
    MOD – [2012/10/23 18:35:54 | 000,602,112 | —- | M] () — C:Program Files (x86)InternetEverywhereWTGXMLUtil.dll
    MOD – [2012/08/17 21:40:16 | 000,068,024 | —- | M] () — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013QtWebKitqmlwebkitplugin4.dll
    MOD – [2012/08/17 21:38:56 | 000,479,160 | —- | M] () — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013dblite.dll
    MOD – [2012/01/25 18:57:12 | 000,172,032 | —- | M] () — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosGatt.dll
    MOD – [2011/11/10 08:48:48 | 001,105,920 | —- | M] () — C:Program Files (x86)InternetEverywhereNDISAPI.dll
    MOD – [2007/02/27 19:44:00 | 000,823,296 | —- | M] () — C:Program Files (x86)InternetEverywherelibeay32.dll

    ========== Services (SafeList) ==========

    SRV:64bit: – [2013/05/27 06:50:47 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] — C:Program FilesWindows DefenderMpSvc.dll — (WinDefend)
    SRV:64bit: – [2012/01/20 12:27:28 | 000,235,520 | —- | M] (AMD) [Auto | Running] — C:WindowsSysNativeatiesrxx.exe — (AMD External Events Utility)
    SRV:64bit: – [2011/12/16 07:16:48 | 000,583,088 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:Program FilesTOSHIBAPower SaverTosCoSrv.exe — (TosCoSrv)
    SRV:64bit: – [2011/12/14 23:11:38 | 000,833,976 | —- | M] (TOSHIBA Corporation) [On_Demand | Running] — C:Program FilesTOSHIBATPHMTPCHSrv.exe — (TPCHSrv)
    SRV:64bit: – [2011/11/26 02:52:36 | 000,138,152 | —- | M] (TOSHIBA Corporation) [On_Demand | Running] — C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe — (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: – [2011/11/24 21:20:38 | 000,294,848 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:Program FilesTOSHIBATECOTecoService.exe — (TOSHIBA eco Utility Service)
    SRV:64bit: – [2010/10/20 22:41:00 | 000,138,656 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:WindowsSysNativeTODDSrv.exe — (TODDSrv)
    SRV:64bit: – [2010/09/22 18:10:10 | 000,057,184 | —- | M] (Microsoft Corporation) [Disabled | Stopped] — C:Program FilesWindows LiveMeshwlcrasvc.exe — (wlcrasvc)
    SRV:64bit: – [2010/09/10 01:26:34 | 000,162,824 | —- | M] () [Auto | Running] — C:WindowsSysNativeGFNEXSrv.exe — (GFNEXSrv)
    SRV:64bit: – [2009/12/16 16:44:44 | 003,750,400 | —- | M] (SafeNet Inc.) [Auto | Running] — C:WindowsSysNativehasplms.exe — (hasplms)
    SRV – [2013/08/30 03:41:32 | 000,356,376 | —- | M] (Kaspersky Lab ZAO) [Auto | Running] — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe — (AVP)
    SRV – [2013/04/04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) [Auto | Running] — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe — (MBAMService)
    SRV – [2013/04/04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) [Auto | Running] — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe — (MBAMScheduler)
    SRV – [2013/02/26 02:28:44 | 000,357,456 | —- | M] (VMware, Inc.) [Auto | Running] — C:WindowsSysWOW64vmnetdhcp.exe — (VMnetDHCP)
    SRV – [2013/02/26 02:28:26 | 000,436,304 | —- | M] (VMware, Inc.) [Auto | Running] — C:WindowsSysWOW64vmnat.exe — (VMware NAT Service)
    SRV – [2013/02/26 01:30:42 | 000,087,120 | —- | M] (VMware, Inc.) [Auto | Running] — C:Program Files (x86)VMwareVMware Playervmware-authd.exe — (VMAuthdService)
    SRV – [2012/10/23 18:42:06 | 000,347,120 | —- | M] () [Auto | Running] — C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe — (InternetEverywhere_Service)
    SRV – [2012/10/11 16:15:30 | 000,918,680 | —- | M] (VMware, Inc.) [Auto | Running] — C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe — (VMUSBArbService)
    SRV – [2012/07/13 13:28:36 | 000,160,944 | —- | M] (Skype Technologies) [Auto | Stopped] — C:Program Files (x86)SkypeUpdaterUpdater.exe — (SkypeUpdate)
    SRV – [2012/01/21 00:29:26 | 000,277,784 | —- | M] (Intel Corporation) [Auto | Running] — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe — (LMS)
    SRV – [2011/11/04 14:40:06 | 000,687,400 | —- | M] (Nero AG) [Auto | Running] — C:Program Files (x86)NeroUpdateNASvc.exe — (NAUpdate)
    SRV – [2011/07/12 01:16:06 | 000,057,216 | —- | M] (TOSHIBA Corporation) [On_Demand | Stopped] — C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe — (TMachInfo)
    SRV – [2011/06/06 12:55:28 | 000,064,952 | —- | M] (Adobe Systems Incorporated) [Auto | Running] — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe — (AdobeARMservice)
    SRV – [2011/04/02 01:42:00 | 000,198,064 | —- | M] (TOSHIBA CORPORATION) [On_Demand | Running] — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtSrv.exe — (TOSHIBA Bluetooth Service)
    SRV – [2011/03/14 16:27:34 | 000,346,976 | —- | M] () [Auto | Running] — C:ProgramDataDatacardServiceHWDeviceService64.exe — (HWDeviceService64.exe)
    SRV – [2011/02/10 09:25:36 | 000,112,080 | —- | M] (Toshiba Europe GmbH) [Auto | Running] — C:Program Files (x86)Toshiba TEMPROTemproSvc.exe — (TemproMonitoringService)
    SRV – [2010/10/12 18:59:12 | 000,206,072 | —- | M] (WildTangent, Inc.) [On_Demand | Stopped] — C:Program Files (x86)WildTangent GamesAppGamesAppService.exe — (GamesAppService)
    SRV – [2010/03/18 13:16:28 | 000,130,384 | —- | M] (Microsoft Corporation) [Auto | Stopped] — C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe — (clr_optimization_v4.0.30319_32)
    SRV – [2010/02/19 13:37:14 | 000,517,096 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe — (SwitchBoard)
    SRV – [2009/06/10 22:23:09 | 000,066,384 | —- | M] (Microsoft Corporation) [Disabled | Stopped] — C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: – [2013/08/30 04:22:17 | 000,178,448 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriverskneps.sys — (kneps)
    DRV:64bit: – [2013/08/30 04:22:17 | 000,054,368 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriverskltdi.sys — (kltdi)
    DRV:64bit: – [2013/08/30 04:22:17 | 000,029,528 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversklmouflt.sys — (klmouflt)
    DRV:64bit: – [2013/08/30 04:22:16 | 000,620,128 | —- | M] (Kaspersky Lab ZAO) [File_System | System | Running] — C:WindowsSysNativedriversklif.sys — (KLIF)
    DRV:64bit: – [2013/08/30 04:22:16 | 000,029,016 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversklkbdflt.sys — (klkbdflt)
    DRV:64bit: – [2013/04/30 09:51:09 | 000,040,616 | —- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriverstap0901.sys — (tap0901)
    DRV:64bit: – [2013/04/15 10:50:30 | 000,127,384 | —- | M] (Power Software Ltd) [Kernel | System | Running] — C:windowsSysNativedriversscdemu.sys — (SCDEmu)
    DRV:64bit: – [2013/04/04 14:50:32 | 000,025,928 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] — C:WindowsSysNativedriversmbam.sys — (MBAMProtector)
    DRV:64bit: – [2013/02/26 02:28:48 | 000,067,664 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmx86.sys — (vmx86)
    DRV:64bit: – [2013/02/26 02:28:14 | 000,030,800 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmnetuserif.sys — (VMnetuserif)
    DRV:64bit: – [2013/02/26 02:27:48 | 000,045,720 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmnetbridge.sys — (VMnetBridge)
    DRV:64bit: – [2013/02/26 02:27:44 | 000,033,360 | —- | M] (VMware, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversVMkbd.sys — (vmkbd2)
    DRV:64bit: – [2013/01/01 17:11:02 | 000,422,400 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewusbwwan.sys — (ewusbmbb)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,223,232 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewusbmdm.sys — (hwdatacard)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,117,248 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversew_hwusbdev.sys — (ew_hwusbdev)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,098,304 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jucdcacm.sys — (huawei_cdcacm)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,087,040 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jubusenum.sys — (huawei_enumerator)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,072,192 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jucdcecm.sys — (huawei_cdcecm)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,028,672 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_juextctrl.sys — (huawei_ext_ctrl)
    DRV:64bit: – [2012/12/25 15:37:54 | 000,013,952 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_usbenumfilter.sys — (ew_usbenumfilter)
    DRV:64bit: – [2012/11/30 17:35:28 | 000,112,896 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewsercd.sys — (ewsercd)
    DRV:64bit: – [2012/10/24 14:17:14 | 000,070,296 | —- | M] (VMware, Inc.) [Kernel | Boot | Running] — C:WindowsSysNativedriversvsock.sys — (vsock)
    DRV:64bit: – [2012/10/24 14:17:10 | 000,085,104 | —- | M] (VMware, Inc.) [Kernel | Boot | Running] — C:WindowsSysNativedriversvmci.sys — (vmci)
    DRV:64bit: – [2012/10/11 16:15:32 | 000,052,376 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedrivershcmon.sys — (hcmon)
    DRV:64bit: – [2012/10/11 16:15:06 | 000,037,680 | —- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversvmusb.sys — (vmusb)
    DRV:64bit: – [2012/08/02 15:09:34 | 000,028,504 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriversklim6.sys — (KLIM6)
    DRV:64bit: – [2012/06/29 20:39:02 | 000,004,608 | —- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversvncmirror.sys — (vncmirror)
    DRV:64bit: – [2012/06/19 17:28:12 | 000,458,584 | —- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] — C:WindowsSysNativedriverskl1.sys — (kl1)
    DRV:64bit: – [2012/03/01 07:46:16 | 000,023,408 | —- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] — C:windowsSysNativedriversfs_rec.sys — (Fs_Rec)
    DRV:64bit: – [2012/01/30 22:14:00 | 000,304,696 | —- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfbd.sys — (tosrfbd)
    DRV:64bit: – [2012/01/20 12:53:32 | 010,731,520 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversatikmdag.sys — (amdkmdag)
    DRV:64bit: – [2012/01/20 11:34:36 | 000,328,192 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversatikmpag.sys — (amdkmdap)
    DRV:64bit: – [2012/01/17 01:20:38 | 001,082,472 | —- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversrtwlane.sys — (RTL8192Ce)
    DRV:64bit: – [2012/01/05 21:42:32 | 000,021,096 | —- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRtkBtfilter.sys — (RtkBtFilter)
    DRV:64bit: – [2012/01/05 11:58:50 | 000,786,200 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversiusb3xhc.sys — (iusb3xhc)
    DRV:64bit: – [2012/01/05 11:58:50 | 000,355,096 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversiusb3hub.sys — (iusb3hub)
    DRV:64bit: – [2012/01/05 11:58:50 | 000,016,152 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversiusb3hcs.sys — (iusb3hcs)
    DRV:64bit: – [2011/12/19 20:15:10 | 000,411,920 | —- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversSynTP.sys — (SynTP)
    DRV:64bit: – [2011/12/17 01:24:00 | 000,079,040 | —- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfusb.sys — (Tosrfusb)
    DRV:64bit: – [2011/12/01 11:42:44 | 000,072,240 | —- | M] (Nero AG) [Kernel | Boot | Running] — C:WindowsSysNativedriversNBVol.sys — (NBVol)
    DRV:64bit: – [2011/12/01 11:42:44 | 000,015,920 | —- | M] (Nero AG) [Kernel | Boot | Running] — C:WindowsSysNativedriversNBVolUp.sys — (NBVolUp)
    DRV:64bit: – [2011/11/30 03:40:32 | 000,568,600 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversiaStor.sys — (iaStor)
    DRV:64bit: – [2011/11/10 09:04:14 | 000,060,184 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversHECIx64.sys — (MEIx64)
    DRV:64bit: – [2011/10/17 20:40:50 | 000,093,712 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversAtihdW76.sys — (AtiHDAudioService)
    DRV:64bit: – [2011/08/24 05:57:24 | 000,565,352 | —- | M] (Realtek ) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRt64win7.sys — (RTL8167)
    DRV:64bit: – [2011/08/17 22:27:06 | 000,251,496 | —- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRtsUStor.sys — (RSUSBSTOR)
    DRV:64bit: – [2011/03/18 23:03:18 | 000,482,384 | —- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriverstos_sps64.sys — (tos_sps64)
    DRV:64bit: – [2011/03/11 07:41:12 | 000,107,904 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversamdsata.sys — (amdsata)
    DRV:64bit: – [2011/03/11 07:41:12 | 000,027,008 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] — C:WindowsSysNativedriversamdxata.sys — (amdxata)
    DRV:64bit: – [2011/02/09 03:07:00 | 000,038,096 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversPGEffect.sys — (PGEffect)
    DRV:64bit: – [2010/11/29 19:47:00 | 000,082,224 | —- | M] (TOSHIBA Corporation) [Kernel | System | Running] — C:WindowsSysNativedriverstosrfcom.sys — (Tosrfcom)
    DRV:64bit: – [2010/11/21 04:24:33 | 000,059,392 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTsUsbFlt.sys — (TsUsbFlt)
    DRV:64bit: – [2010/11/21 04:23:47 | 000,078,720 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversHpSAMD.sys — (HpSAMD)
    DRV:64bit: – [2010/11/21 04:23:47 | 000,031,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTsUsbGD.sys — (TsUsbGD)
    DRV:64bit: – [2010/11/11 18:27:00 | 000,050,864 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfbnp.sys — (tosrfbnp)
    DRV:64bit: – [2010/08/30 18:48:00 | 000,094,528 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversTosrfhid.sys — (Tosrfhid)
    DRV:64bit: – [2010/06/19 00:45:00 | 000,018,872 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfec.sys — (tosrfec)
    DRV:64bit: – [2010/04/26 19:48:00 | 000,063,488 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTosRfSnd.sys — (TosRfSnd)
    DRV:64bit: – [2009/09/23 02:46:18 | 000,066,304 | —- | M] (Microsoft Corporation) [Kernel | System | Running] — C:WindowsSysNativedriversvpcnfltr.sys — (vpcnfltr)
    DRV:64bit: – [2009/09/23 02:46:17 | 000,359,552 | —- | M] (Microsoft Corporation) [Kernel | System | Running] — C:WindowsSysNativedriversvpcvmm.sys — (vpcvmm)
    DRV:64bit: – [2009/09/23 02:32:39 | 000,095,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversvpcusb.sys — (vpcusb)
    DRV:64bit: – [2009/09/23 02:32:33 | 000,187,904 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversvpchbus.sys — (vpcbus)
    DRV:64bit: – [2009/09/21 08:07:26 | 000,071,040 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedriversaksdf.sys — (aksdf)
    DRV:64bit: – [2009/08/20 07:02:06 | 000,130,816 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedriversaksfridge.sys — (aksfridge)
    DRV:64bit: – [2009/07/31 04:22:04 | 000,027,784 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstdcmdpst.sys — (tdcmdpst)
    DRV:64bit: – [2009/07/24 19:33:00 | 000,026,472 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfnds.sys — (tosrfnds)
    DRV:64bit: – [2009/07/15 00:31:18 | 000,026,840 | —- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversTVALZ_O.SYS — (TVALZ)
    DRV:64bit: – [2009/07/14 02:52:20 | 000,194,128 | —- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversamdsbs.sys — (amdsbs)
    DRV:64bit: – [2009/07/14 02:48:04 | 000,065,600 | —- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriverslsi_sas2.sys — (LSI_SAS2)
    DRV:64bit: – [2009/07/14 02:45:55 | 000,024,656 | —- | M] (Promise Technology) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversstexstor.sys — (stexstor)
    DRV:64bit: – [2009/07/14 01:10:47 | 000,011,264 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversrootmdm.sys — (ROOTMODEM)
    DRV:64bit: – [2009/06/20 03:15:22 | 000,014,472 | —- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] — C:WindowsSysNativedriversTVALZFL.sys — (TVALZFL)
    DRV:64bit: – [2009/06/17 20:01:00 | 000,054,664 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosporte.sys — (tosporte)
    DRV:64bit: – [2009/06/10 21:34:33 | 003,286,016 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversevbda.sys — (ebdrv)
    DRV:64bit: – [2009/06/10 21:34:28 | 000,468,480 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversbxvbda.sys — (b06bdrv)
    DRV:64bit: – [2009/06/10 21:34:23 | 000,270,848 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversb57nd60a.sys — (b57nd60a)
    DRV:64bit: – [2009/06/10 21:31:59 | 000,031,232 | —- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedrivershcw85cir.sys — (hcw85cir)
    DRV:64bit: – [2009/03/13 10:55:38 | 000,318,464 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedrivershardlock.sys — (hardlock)
    DRV – [2013/01/01 17:11:03 | 000,098,304 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jucdcacm.sys — (huawei_cdcacm)
    DRV – [2013/01/01 17:11:03 | 000,087,040 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jubusenum.sys — (huawei_enumerator)
    DRV – [2013/01/01 17:11:03 | 000,072,192 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jucdcecm.sys — (huawei_cdcecm)
    DRV – [2013/01/01 17:11:03 | 000,028,672 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_juextctrl.sys — (huawei_ext_ctrl)
    DRV – [2013/01/01 17:11:03 | 000,013,952 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_usbenumfilter.sys — (ew_usbenumfilter)
    DRV – [2013/01/01 17:11:02 | 000,422,400 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbwwan.sys — (ewusbmbb)
    DRV – [2013/01/01 17:11:02 | 000,274,944 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbnet.sys — (ewusbnet)
    DRV – [2013/01/01 17:11:02 | 000,223,232 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbmdm.sys — (hwdatacard)
    DRV – [2013/01/01 17:11:02 | 000,117,248 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversew_hwusbdev.sys — (ew_hwusbdev)
    DRV – [2009/07/14 02:19:10 | 000,019,008 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] — C:WindowsSysWOW64driverswimmount.sys — (WIMMount)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
    IE:64bit: – HKLM..SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
    IE:64bit: – HKLM..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
    IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
    IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search bar = http://search.msn.com/spbasic.htm
    IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = Reg Error: Value error.
    IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
    IE – HKLM..URLSearchHook: – No CLSID value found
    IE – HKLM..SearchScopes,DefaultScope =
    IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE – HKLM..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;

    IE – HKU.DEFAULT..SearchScopes,DefaultScope =
    IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

    IE – HKUS-1-5-18..SearchScopes,DefaultScope =
    IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

    IE – HKUS-1-5-19..SearchScopes,DefaultScope =

    IE – HKUS-1-5-20..SearchScopes,DefaultScope =

    IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
    IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
    IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes${searchCLSID}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_frTN490
    IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

    ========== FireFox ==========

    FF:64bit:HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF64_11_7_700_224.dll File not found
    FF:64bit:HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
    FF:64bit:HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
    FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll ()
    FF – HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:windowsSysWOW64AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)
    FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
    FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
    FF – HKLMSoftwareMozillaPlugins@Nero.com/KM: C:PROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL (Nero AG)
    FF – HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)
    FF – HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)
    FF – HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF – HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=15.0.6.14: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
    FF – HKLMSoftwareMozillaPlugins@real.com/nprpplugin;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll (RealPlayer)
    FF – HKLMSoftwareMozillaPlugins@richmediaplayer.com/nppluginrichmediaplayer: C:Program Files (x86)Mozilla Firefoxpluginsnppluginrichmediaplayer.dll ()
    FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
    FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
    FF – HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.4: C:Program Files (x86)VideoLANVLCnpvlc.dll (VideoLAN)
    FF – HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll ()
    FF – HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
    FF – HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:UsersAdministrateurAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)
    FF – HKCUSoftwareMozillaPlugins@unity3d.com/UnityPlayer,version=1.0: C:UsersAdministrateurAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)

    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{0153E448-190B-4987-BDE1-F256CADA672F}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/12/08 17:23:23 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsFirefox{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/28 18:51:18 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\url_advisor@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExturl_advisor@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\virtual_keyboard@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExtvirtual_keyboard@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\content_blocker@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExtcontent_blocker@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]

    [2013/01/03 18:45:41 | 000,000,000 | —D | M] (No name found) — C:Program Files (x86)Mozilla Firefoxextensions
    [2013/03/12 09:27:46 | 000,093,976 | —- | M] () — C:Program Files (x86)mozilla firefoxpluginsnppluginrichmediaplayer.dll

    ========== Chrome ==========

    CHR – default_search_provider: google (Enabled)
    CHR – default_search_provider: search_url = http://www.google.fr/search?q={searchTerms}
    CHR – default_search_provider: suggest_url =
    CHR – plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66PepperFlashpepflashplayer.dll
    CHR – plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR – plugin: Native Client (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66ppGoogleNaClPluginChrome.dll
    CHR – plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66pdf.dll
    CHR – plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll
    CHR – plugin: Nero Kwik Media Helper (Enabled) = C:PROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL
    CHR – plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll
    CHR – plugin: Picasa (Enabled) = C:Program Files (x86)GooglePicasa3npPicasa3.dll
    CHR – plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll
    CHR – plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll
    CHR – plugin: PluginRichmediaplayer (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnppluginrichmediaplayer.dll
    CHR – plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll
    CHR – plugin: RealJukebox NS Plugin (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll
    CHR – plugin: RealPlayer Download Plugin (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll
    CHR – plugin: VLC Web Plugin (Enabled) = C:Program Files (x86)VideoLANVLCnpvlc.dll
    CHR – plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll
    CHR – plugin: Windows Liveu0099 Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll
    CHR – plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll
    CHR – plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll
    CHR – plugin: Unity Player (Enabled) = C:UsersAdministrateurAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll
    CHR – plugin: Facebook Video Calling Plugin (Enabled) = C:UsersAdministrateurAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll
    CHR – plugin: Shockwave for Director (Enabled) = C:windowsSysWOW64AdobeDirectornp32dsw_1202122.dll
    CHR – plugin: Shockwave Flash (Enabled) = C:windowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll
    CHR – plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll
    CHR – Extension: Documents Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake.0.0.6_0
    CHR – Extension: Documents Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake.5_0
    CHR – Extension: Googleu00A0Drive = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.2_0
    CHR – Extension: Googleu00A0Drive = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0
    CHR – Extension: YouTube = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0
    CHR – Extension: YouTube = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0
    CHR – Extension: Recherche Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf.0.0.19_0
    CHR – Extension: Recherche Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf.0.0.20_0
    CHR – Extension: Kaspersky URL Advisor = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsdchlnpcodkpfdpacogkljefecpegganj13.0.1.4190_0
    CHR – Extension: Download Video = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsdoagiokpgboiomffjfhaiimafndmmpni1.3.1_0
    CHR – Extension: RealPlayer HTML5Video Downloader Extension = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0
    CHR – Extension: RealPlayer HTML5Video Downloader Extension = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_1
    CHR – Extension: Chrome In-App Payments service = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda.0.4.10_0
    CHR – Extension: Chrome In-App Payments service = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda.0.4.10_1
    CHR – Extension: Gmail = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0
    CHR – Extension: Gmail = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_1

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | —- | M]) – C:WindowsSysNativedriversetchosts
    O2:64bit: – BHO: (Content Blocker Plugin) – {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtContentBlockerie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2:64bit: – BHO: (Virtual Keyboard Plugin) – {73455575-E40C-433C-9784-C78DC7761455} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2:64bit: – BHO: (Google Toolbar Helper) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
    O2:64bit: – BHO: (URL Advisor Plugin) – {E33CF602-D945-461A-83F0-819F76A199F8} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
    O2:64bit: – BHO: (TOSHIBA Media Controller Plug-in) – {F3C88694-EFFA-4d78-B409-54B7B2535B14} – C:Program Files (x86)TOSHIBATOSHIBA Media Controller Plug-inx64TOSHIBAMediaControllerIE.dll ()
    O2 – BHO: (RealPlayer Download and Record Plugin for Internet Explorer) – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
    O2 – BHO: (Content Blocker Plugin) – {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtContentBlockerie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    O2 – BHO: (Virtual Keyboard Plugin) – {73455575-E40C-433C-9784-C78DC7761455} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O2 – BHO: (Java(tm) Plug-In SSV Helper) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)
    O2 – BHO: (Rich Media Downloader) – {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIERichMediaDownloader.dll (Radiocom CJSC)
    O2 – BHO: (Google Toolbar Helper) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
    O2 – BHO: (URL Advisor Plugin) – {E33CF602-D945-461A-83F0-819F76A199F8} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
    O2 – BHO: (TOSHIBA Media Controller Plug-in) – {F3C88694-EFFA-4d78-B409-54B7B2535B14} – C:Program Files (x86)TOSHIBATOSHIBA Media Controller Plug-inTOSHIBAMediaControllerIE.dll ()
    O2 – BHO: (Rich Media Player) – {FEB703F7-E7B2-4AB0-9566-87658AC70095} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIEPluginRichmediaplayer.dll ()
    O3:64bit: – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
    O3 – HKLM..Toolbar: (Google Toolbar) – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
    O3 – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
    O4:64bit: – HKLM..Run: [] File not found
    O4:64bit: – HKLM..Run: [AdobeAAMUpdater-1.0] C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: – HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: – HKLM..Run: [SRS Premium Sound HD] C:Program FilesSRS LabsSRS Control PanelSRSPanel_64.exe (SRS Labs, Inc.)
    O4:64bit: – HKLM..Run: [TCrdMain] C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: – HKLM..Run: [Teco] C:Program FilesTOSHIBATECOTeco.exe (TOSHIBA Corporation)
    O4:64bit: – HKLM..Run: [Toshiba Registration] C:Program FilesTOSHIBARegistrationToshibaReminder.exe (Toshiba Europe GmbH)
    O4:64bit: – HKLM..Run: [Toshiba TEMPRO] C:Program Files (x86)Toshiba TEMPROTemproTray.exe (Toshiba Europe GmbH)
    O4:64bit: – HKLM..Run: [TosSENotify] C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: – HKLM..Run: [TosVolRegulator] C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: – HKLM..Run: [TosWaitSrv] C:Program FilesTOSHIBATPHMTosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: – HKLM..Run: [TPwrMain] C:Program FilesTOSHIBAPower SaverTPwrMain.exe (TOSHIBA Corporation)
    O4 – HKLM..Run: [AdobeCS6ServiceManager] C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 – HKLM..Run: [AVP] C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe (Kaspersky Lab ZAO)
    O4 – HKLM..Run: [NBAgent] C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe (Nero AG)
    O4 – HKLM..Run: [StartCCC] C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe (Advanced Micro Devices, Inc.)
    O4 – HKLM..Run: [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)
    O4 – HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerupdaterealsched.exe (RealNetworks, Inc.)
    O4 – HKU.DEFAULT..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
    O4 – HKUS-1-5-18..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
    O4 – HKUS-1-5-19..Run: [Sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)
    O4 – HKUS-1-5-19..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
    O4 – HKUS-1-5-20..Run: [Sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)
    O4 – HKUS-1-5-20..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
    O4 – HKUS-1-5-21-3799678134-1094475672-2913924675-500..Run: [Facebook Update] C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe (Facebook Inc.)
    O4 – HKUS-1-5-21-3799678134-1094475672-2913924675-500..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
    O4 – HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
    O4 – HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
    O4 – Startup: C:UsersDefaultAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
    O4 – Startup: C:UsersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
    O4 – Startup: C:UsersInvitéAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 3
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1
    O7 – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O7 – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 3
    O8:64bit: – Extra context menu item: Add to Google Photos Screensa&ver – res://C:windowssystem32GPhotos.scr/200 File not found
    O8 – Extra context menu item: Add to Google Photos Screensa&ver – C:windowsSysWow64GPhotos.scr (Google Inc.)
    O9:64bit: – Extra Button: Virtual Keyboard – {0C4CC089-D306-440D-9772-464E226F6539} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9:64bit: – Extra Button: URLs check – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
    O9 – Extra Button: Virtual Keyboard – {0C4CC089-D306-440D-9772-464E226F6539} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    O9 – Extra Button: Rich Media Downloader – {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIERichMediaDownloader.dll (Radiocom CJSC)
    O9 – Extra Button: URLs check – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
    O10:64bit: – Protocol_Catalog9Catalog_Entries6400000000012 – C:WindowsSysNativevsocklib.dll (VMware, Inc.)
    O10:64bit: – Protocol_Catalog9Catalog_Entries6400000000013 – C:WindowsSysNativevsocklib.dll (VMware, Inc.)
    O10 – Protocol_Catalog9Catalog_Entries00000000012 – C:WindowsSysWOW64vsocklib.dll (VMware, Inc.)
    O10 – Protocol_Catalog9Catalog_Entries00000000013 – C:WindowsSysWOW64vsocklib.dll (VMware, Inc.)
    O1364bit: – gopher Prefix: missing
    O13 – gopher Prefix: missing
    O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 – DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.47.9.34 193.95.122.30
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{3AA4AC40-DE5B-46A7-88FD-F8AF6C06778D}: DhcpNameServer = 192.1.1.13 192.1.1.28
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{424CAE7A-7FF0-4B70-AB48-BCB9F861625E}: NameServer = 196.203.80.4 196.203.82.4
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{7CD145E9-81AC-4AB6-87AF-8A3CBD8285B1}: DhcpNameServer = 10.47.9.34 193.95.122.30
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{8AFC0B4A-8564-41F5-901F-9DD8D667FAAC}: DhcpNameServer = 10.47.9.34 193.95.122.30
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{94886D77-FC1C-4772-AA76-EA2FE0E2A52D}: DhcpNameServer = 10.47.9.34 193.95.122.30
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{F9508140-3B1F-4982-9E10-5A25E921B693}: NameServer = 196.203.80.4 196.203.82.4
    O18:64bit: – ProtocolHandlerlivecall – No CLSID value found
    O18:64bit: – ProtocolHandlermsdaipp – No CLSID value found
    O18:64bit: – ProtocolHandlermsdaippx00000001 – No CLSID value found
    O18:64bit: – ProtocolHandlermsdaippoledb – No CLSID value found
    O18:64bit: – ProtocolHandlerms-help – No CLSID value found
    O18:64bit: – ProtocolHandlermsnim – No CLSID value found
    O18:64bit: – ProtocolHandlermso-offdap11 – No CLSID value found
    O18:64bit: – ProtocolHandlerskype4com – No CLSID value found
    O18:64bit: – ProtocolHandlerwlmailhtml – No CLSID value found
    O18:64bit: – ProtocolHandlerwlpg – No CLSID value found
    O18 – ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 – ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} – C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 – ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
    O20:64bit: – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsexplorer.exe (Microsoft Corporation)
    O20:64bit: – HKLM Winlogon: UserInit – (C:windowssystem32userinit.exe) – C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsSysWow64explorer.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (userinit.exe) – C:windowsSysWow64userinit.exe (Microsoft Corporation)
    O21:64bit: – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
    O32 – HKLM CDRom: AutoRun – 0
    O32 – AutoRun File – [2013/08/26 22:34:51 | 000,000,000 | RHSD | M] – C:Autorun.inf — [ NTFS ]
    O34 – HKLM BootExecute: (autocheck autochk *)
    O35:64bit: – HKLM..comfile [open] — “%1” %*
    O35:64bit: – HKLM..exefile [open] — “%1” %*
    O35 – HKLM..comfile [open] — “%1” %*
    O35 – HKLM..exefile [open] — “%1” %*
    O37:64bit: – HKLM…com [@ = comfile] — “%1” %*
    O37:64bit: – HKLM…exe [@ = exefile] — “%1” %*
    O37 – HKLM…com [@ = comfile] — “%1” %*
    O37 – HKLM…exe [@ = exefile] — “%1” %*
    O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 – SubSystems\Windows: (ServerDll=sxssrv,4)

  • Evasion60Evasion60
    Participant
    Post count: 1557

    :hello: Re

    /!\ Not at all obvious, because there are many unnecessary items, but no real infections!
    However, there are hard disk errors

    • Launch OTL (run as administrator under Windows 7/8 and Vista)
    • Tick the following boxes:
      • All users
      • Minimal report

    • Copy and paste the helper script into the lower part of OTL, “Personnalisation”
      :OTL
      IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = Reg Error: Value error.
      IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC => Toolbar.Bing
      FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF64_11_7_700_224.dll File not found
      FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll () => WildTangent Games
      O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) => Toolbar.Google
      O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
      O3 - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
      O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
      O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:windowssystem32GPhotos.scr/200 File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      [2013/08/28 02:27:54 | 000,000,000 | ---D | C] -- C:Program FilesBitdefender
      [2013/08/28 02:17:27 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesBitdefender
      [2013/09/10 22:59:02 | 000,000,964 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User
      [2013/09/10 22:46:00 | 000,000,924 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User
      [2013/09/10 19:59:01 | 000,000,942 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User
      [2013/09/10 19:46:00 | 000,000,902 | ---- | M] () -- C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User
      [2013/08/27 01:23:47 | 000,005,120 | -HS- | M] () -- C:windowssystem32configsystemprofileNtUser.dat.LOG1 => Fichiers de rapport (Log)
      [2013/08/27 01:23:47 | 000,000,000 | -HS- | M] () -- C:windowssystem32configsystemprofileNtUser.dat.LOG2 => Fichiers de rapport (Log)
      [2013/09/01 08:53:59 | 000,118,378 | ---- | M] () -- C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log => Fichiers de rapport (Log)
      [2012/11/30 19:41:37 | 000,000,902 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User
      [2012/11/30 19:41:38 | 000,000,924 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User
      [2013/06/09 19:54:14 | 000,000,942 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User
      [2013/06/09 19:54:15 | 000,000,964 | ---- | C] () -- C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User
      CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
      "{4DABD610-3B48-4571-A458-6828314BC363}" = protocol=17 | dir=in | app=c:program files (x86)goforfilesgoforfilesdl.exe | => Peer2Peer.GoforFiles
      "{5FA31665-3E66-4220-85A5-0C9BA627A14D}" = protocol=6 | dir=in | app=c:program files (x86)goforfilesgoforfilesdl.exe | => Peer2Peer.GoforFiles
      "{AA963096-F3BC-4368-BAA0-7E239935E4A4}" = protocol=6 | dir=in | app=c:program files (x86)utorrentutorrent.exe | => P2P.µTorrent*
      "{AEF5129C-0FC3-4689-B079-5A405AE5F8F2}" = protocol=17 | dir=in | app=c:program files (x86)utorrentutorrent.exe | => P2P.µTorrent*
      "{C6D80F91-5525-40DC-A9DA-CE1E2178ED30}" = protocol=6 | dir=in | app=c:program files (x86)utorrentutorrent.exe | => P2P.µTorrent*
      "{C9C9FB32-734D-43F5-A330-24F763A9F2A0}" = protocol=17 | dir=in | app=c:program files (x86)utorrentutorrent.exe | => P2P.µTorrent*
      "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java 6 Update 30 => Oracle
      :Commands
      [emptytemp]
      [emptyflash]
      [purity]
      [reboot]
      [resethost]
      [CREATERESTOREPOINT]

    • Click “Correction”

    • OTL may ask you to restart; if so, do it immediately!
    • Once the scan is finished, one report will open: ¤¤¤¤¤¤¤¤¤¤¤.log.
    • Copy and paste the contents of the report on the forum.

      Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

    Looking forward to reading you, with its report ;)

  • Evasion60Evasion60
    Participant
    Post count: 1557

    :hello: Hello kazanastra

    My apologies for this late reply
    I forgot to switch your topic over to my username, so there was an e-mail notification that I did not see/read!

    I will look at your two OTL logs during the day ;)

  • kazanastra
    Post count: 0

    thank you very much, SosUpload cannot host my reports …
    https://forums-fec.be/upload/www/?a=d&i=6893683567
    https://forums-fec.be/upload/www/?a=d&i=7668009952
    See you later

  • Evasion60Evasion60
    Participant
    Post count: 1557

    :hello: Hello

    Having read both topics, here on SoSVirus and on CCM:
    I think it is the PC that is re-injecting infections onto your USB hard drive!

    /!\ Can you confirm, as you wrote =>

    I formatted my USB hard drive, and it came back

    Plug in your USB hard drive, without opening it

    Run this tool =>

    • Download OTL (by OldTimer) to your desktop.
      ~ How to download to your desktop?

    • Launch OTL (run as administrator under Windows 7/8 and Vista)
    • Tick the following boxes:
      • All users
      • Lop check
      • Purity check
      • Include 64-bit scans (only for 64-bit systems)

    • Copy and paste the script from the link below into the lower part of OTL, “Personnalisation”

      ~ The script to copy is >> here <<

    • Click “Analyse”

    • Once the scan is finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
    • Host the OTL.txt and Extras.txt reports on SosUpload, then copy/paste the link provided into your next reply on the forum

      Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

    Come back with an answer to my question and the two reports requested with OTL ;)

  • Anonyme
    Post count: 0

    Hello,

    A thousand apologies, I had not seen that you had replied :(

    I am going to ask for the opinion of another helper, Evasion60 :)

    See you later.

  • kazanastra
    Post count: 0

    yes yes, here is this folder; normally it contains music, but here is what it contains (I think there are other files like that one, but I deleted it)
    https://antimalware.top/images/2013/09/06/Sans_titre4.png
    https://antimalware.top/images/2013/09/06/Sans_titre3.png
    https://antimalware.top/images/2013/09/06/Sans_titre2.png
    See you later

  • Anonyme
    Post count: 0

    Hello,

    Your case is rather strange ;(

    I put my flash drive in another PC. Since then, when I save files to the removable disk, some of them turn into other files named with symbols and with strange creation dates (e.g. 01/09/2051).

    When I look at the files and folders contained in drive F, we have:

    [19/04/2013 – 12:52:02 | A | 3332838] F:Project X soundtrack – Beamer Benz Or Bentley.mp3
    [19/06/2013 – 14:20:10 | A | 3438289] F:YP Bitches Money Weed (BMW).mp3
    [21/01/2013 – 21:13:58 | D ] F:lil wayn
    [01/09/2013 – 14:51:50 | D ] F:Booba
    [20/08/2013 – 11:32:34 | D ] F:la fouine
    [01/09/2013 – 17:28:44 | D ] F:emino
    [02/05/2011 – 07:41:08 | A | 5113785] F:eminem – superman.mp3
    [20/08/2012 – 01:53:56 | A | 4489258] F:eminen_lose your self .mp3
    [26/12/2012 – 02:08:54 | A | 2778741] F:SEFYU – MOLOTOV 4.mp3
    [01/01/2013 – 05:14:20 | A | 3621230] F:Sefyu – Turbo.mp3
    [27/02/2012 – 12:52:50 | A | 4619316] F:Wiz Khalifa – Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J T-Pain – YouTube.flv.MP3
    [19/08/2013 – 15:17:12 | D ] F:best of trance
    [01/09/2013 – 17:41:58 | D ] F:deep
    [06/11/2012 – 23:18:34 | A | 3245442] F:Lee Foss & MK feat. Anabel Englund – Electricity.mp3
    [20/03/2013 – 23:12:14 | A | 3349138] F:Lana Del Rey – Summertime Sadness (Lee Foss & MK Remix).mp3
    [03/09/2012 – 23:39:48 | A | 4524293] F:Phonique- Our Time Our Chance (feat. Ian Whitelaw) (Official music video).mp3
    [31/05/2013 – 00:41:54 | A | 7677088] F:Tennis – Make It Good (Larry Heard Vocal Remix).mp3
    [20/10/2012 – 16:12:10 | A | 5726014] F:Otto Knows – Million Voices (Original Mix) FULL VERSION.mp3
    [24/12/2010 – 18:15:36 | A | 6141649] F:Yeah Yeah Yeahs – Heads Will Roll (A-Trak Remix) [BO Projet X HQ].mp3
    [23/08/2012 – 02:27:04 | A | 6175335] F:Phonique – Feel What You Want Feat. Rebecca.mp3
    [01/10/2012 – 00:16:46 | A | 9059297] F:Top 10 Female Vocal Trance.mp3
    [01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3

    So you do not see these files and folders?

    If that is the case, go to the Start menu -> Computer -> click on disk F to open it. Then take a screenshot of the contents.

    Send me this screenshot via SosUpload: https://antimalware.top/
    Then right-click one of these “strange” files, choose Properties, and take a screenshot of the General tab and of the Details tab. Send me these two screenshots via SosUpload as well :)

    Looking forward to reading you

  • kazanastra
    Post count: 0

    hi, yes yes, it's me; thanks a lot, and I want to say that my PC sometimes stops (blue screen, white text)
    ############################## | UsbFix V 7.133 | [Listing]

    Utilisateur: Administrateur (Administrateur) # USER-TOSH
    Mis à jour le 27/08/2013 par El Desaparecido
    Lancé à 00:42:37 | 05/09/2013

    Site Web: https://www.sosvirus.net/
    Upload Malware: https://www.sosvirus.net/viewtopic.php?f=6&t=489
    Contact: eldesaparecido@sosvirus.net

    PC: TOSHIBA (Satellite c855) (x64-based PC)
    CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2500)
    RAM -> [Total : 6104 | Free : 3341]
    BIOS: InsydeH2O Version 03.72.011.50
    BOOT: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16660

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Kaspersky Anti-Virus [Enabled | (!) Outdated]
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 450 Go (325 Go libre(s) – 72%) [] # NTFS
    D: -> CD-ROM
    F: -> Disque amovible # 4 Go (2 Go libre(s) – 57%) [] # FAT32

    ################## | Listing |

    [19/05/2013 – 00:36:11 | SHD ] C:$Recycle.Bin
    [01/09/2013 – 07:32:28 | D ] C:AdwCleaner
    [26/08/2013 – 22:34:51 | RASHD ] C:Autorun.inf
    [28/08/2013 – 18:41:46 | A | 2691] C:bdlog.txt
    [15/03/2012 – 20:26:46 | SHD ] C:Boot
    [21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
    [15/03/2012 – 20:26:49 | N | 8192] C:BOOTSECT.BAK
    [11/01/2013 – 14:17:16 | D ] C:c60592a295c769f4d1820b14e0f0d2
    [14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
    [19/05/2013 – 15:04:24 | D ] C:EasyPHP
    [04/09/2013 – 04:14:52 | ASH | 4800225280] C:hiberfil.sys
    [10/11/2012 – 08:25:46 | D ] C:IDE
    [07/04/2012 – 16:58:15 | D ] C:Intel
    [10/11/2012 – 08:24:40 | RHD ] C:MSOCache
    [04/09/2013 – 04:14:52 | ASH | 6400303104] C:pagefile.sys
    [02/09/2013 – 17:55:08 | A | 512] C:PhysicalDisk0_MBR.bin
    [28/08/2013 – 02:27:54 | D ] C:Program Files
    [01/09/2013 – 12:54:21 | D ] C:Program Files (x86)
    [01/09/2013 – 12:54:22 | HD ] C:ProgramData
    [01/09/2013 – 16:27:10 | D ] C:Sounds
    [03/09/2013 – 18:59:02 | SHD ] C:System Volume Information
    [16/05/2013 – 09:44:46 | D ] C:temp
    [28/06/2012 – 11:12:04 | D ] C:Toshiba
    [05/09/2013 – 00:42:38 | D ] C:UsbFix
    [26/08/2013 – 22:33:21 | N | 12060] C:UsbFix [Clean 3] USER-TOSH.txt
    [26/08/2013 – 22:35:03 | N | 2944] C:UsbFix [Listing 1 ] USER-TOSH.txt
    [05/09/2013 – 00:42:38 | A | 2362] C:UsbFix [Listing 2 ] USER-TOSH.txt
    [25/08/2013 – 23:35:12 | N | 10964] C:UsbFix [Scan 1] USER-TOSH.txt
    [26/08/2013 – 22:21:47 | N | 10191] C:UsbFix [Scan 2] USER-TOSH.txt
    [28/08/2013 – 01:36:31 | A | 10853] C:UsbFix [Scan 5] USER-TOSH.txt
    [30/08/2013 – 02:24:24 | A | 9829] C:UsbFix [Scan 6] USER-TOSH.txt
    [19/05/2013 – 00:37:41 | D ] C:Users
    [04/09/2013 – 04:14:52 | D ] C:Windows
    [03/09/2013 – 00:51:52 | D ] C:ZHP
    [19/04/2013 – 12:52:02 | A | 3332838] F:Project X soundtrack – Beamer Benz Or Bentley.mp3
    [19/06/2013 – 14:20:10 | A | 3438289] F:YP Bitches Money Weed (BMW).mp3
    [21/01/2013 – 21:13:58 | D ] F:lil wayn
    [01/09/2013 – 14:51:50 | D ] F:Booba
    [20/08/2013 – 11:32:34 | D ] F:la fouine
    [01/09/2013 – 17:28:44 | D ] F:emino
    [02/05/2011 – 07:41:08 | A | 5113785] F:eminem – superman.mp3
    [20/08/2012 – 01:53:56 | A | 4489258] F:eminen_lose your self .mp3
    [26/12/2012 – 02:08:54 | A | 2778741] F:SEFYU – MOLOTOV 4.mp3
    [01/01/2013 – 05:14:20 | A | 3621230] F:Sefyu – Turbo.mp3
    [27/02/2012 – 12:52:50 | A | 4619316] F:Wiz Khalifa – Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J T-Pain – YouTube.flv.MP3
    [19/08/2013 – 15:17:12 | D ] F:best of trance
    [01/09/2013 – 17:41:58 | D ] F:deep
    [06/11/2012 – 23:18:34 | A | 3245442] F:Lee Foss & MK feat. Anabel Englund – Electricity.mp3
    [20/03/2013 – 23:12:14 | A | 3349138] F:Lana Del Rey – Summertime Sadness (Lee Foss & MK Remix).mp3
    [03/09/2012 – 23:39:48 | A | 4524293] F:Phonique- Our Time Our Chance (feat. Ian Whitelaw) (Official music video).mp3
    [31/05/2013 – 00:41:54 | A | 7677088] F:Tennis – Make It Good (Larry Heard Vocal Remix).mp3
    [20/10/2012 – 16:12:10 | A | 5726014] F:Otto Knows – Million Voices (Original Mix) FULL VERSION.mp3
    [24/12/2010 – 18:15:36 | A | 6141649] F:Yeah Yeah Yeahs – Heads Will Roll (A-Trak Remix) [BO Projet X HQ].mp3
    [23/08/2012 – 02:27:04 | A | 6175335] F:Phonique – Feel What You Want Feat. Rebecca.mp3
    [01/10/2012 – 00:16:46 | A | 9059297] F:Top 10 Female Vocal Trance.mp3
    [01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3

    ################## | E.O.F |
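
Added example (not part of the original thread and not UsbFix's own code): a Python triage of listing lines in the layout shown in the report above, flagging the anomalies described in this thread: zero-byte files, 8.3 short-name aliases, and timestamps later than the report's launch time. The sample reuses one line from the listing; the other entries are constructed, and the size and time given for `U¬U¬.lfm` are invented.

```python
import re
from datetime import datetime

# "[dd/mm/yyyy - hh:mm:ss | ATTRS | size] path"; directories carry no size field.
ENTRY = re.compile(
    r"^\[(\d{2}/\d{2}/\d{4})\s*[-–]\s*(\d{2}:\d{2}:\d{2})"  # date and time
    r"\s*\|\s*([A-Z]+)\s*"                                   # attribute letters
    r"(?:\|\s*(\d+))?\s*\]\s*(.+)$"                          # optional size, path
)
# A name ending in ~<digits> before the extension is an 8.3 short-name alias.
SHORT_ALIAS = re.compile(r"~\d+(\.[^.]{0,3})?$")

# Launch time printed in the report header ("Lancé à 00:42:37 | 05/09/2013").
REPORT_TIME = datetime(2013, 9, 5, 0, 42, 37)

# Constructed sample. Line 4 is copied from the listing; the rest is made up.
SAMPLE = r"""################## | Listing |
[19/04/2013 - 12:52:02 | A | 3332838] F:\Project X soundtrack - Beamer Benz Or Bentley.mp3
[21/01/2013 - 21:13:58 | D ] F:\lil wayn
[01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3
[06/01/2051 - 03:10:00 | A | 4096] F:\U¬U¬.lfm
"""


def parse_entry(line):
    """Return a dict for one listing line, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    date, time, attrs, size, path = m.groups()
    return {
        "when": datetime.strptime(f"{date} {time}", "%d/%m/%Y %H:%M:%S"),
        "is_dir": "D" in attrs,
        "size": int(size) if size is not None else None,
        "path": path.strip(),
    }


def basename(path):
    """Last path component, tolerating listings whose backslashes were lost."""
    name = re.split(r"[\\/]", path)[-1]
    return re.sub(r"^[A-Za-z]:", "", name)


def triage(listing, report_time):
    """Return [(path, [flags])] for entries that deserve a closer look."""
    findings = []
    for line in listing.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # headers, separators, blank lines
        flags = []
        if not entry["is_dir"] and entry["size"] == 0:
            flags.append("zero_size")
        if SHORT_ALIAS.search(basename(entry["path"])):
            flags.append("short_name_alias")
        if entry["when"] > report_time:
            flags.append("future_timestamp")
        if flags:
            findings.append((entry["path"], flags))
    return findings


if __name__ == "__main__":
    for path, flags in triage(SAMPLE, REPORT_TIME):
        print(f"{path}: {', '.join(flags)}")
```

The flags only mark entries for review; they do not by themselves distinguish file-system damage from malware.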

  • Anonyme
    Post count: 0

    Hello,

    :welcome:

    You are the one coming from the Comment ça marche.net forum :)

    I am pasting the link to your discussion over there for the other helpers: http://www.commentcamarche.net/forum/affich-28600434-aider-moi-a-trouver-une-solution-pour-desinfecter-mon-flash#top

    These symptoms are strange. But it is not the first time I have heard of them.

    Run UsbFix again with the “infected” flash drives connected, and choose the Listing option.

    Then send me the report in your next reply using the Spoiler BBCode, please ;)

    Looking forward to reading you

  • kazanastra
    Post count: 0

    Good evening,
    I put my flash drive in another PC. Since then, when I save files to the removable disk, some of them turn into other files named with symbols and with strange creation dates (e.g. 01/09/2051). I do not know whether it is a virus, because the antivirus programs do not detect it (neither Avast, nor Kaspersky, nor Bitdefender). I even think it has infected my PC, since now any flash drive I plug in shows the same symptoms!
    Please tell me how to fix this problem
    I tried with other flash drives and other PCs, same problem; it seems that the flash drive infects the PCs and the PCs infect the flash drives. I use it to store music. Most of the time folders are saved without any problem, but with others, when I remove the flash drive and open it again, I find them empty, or some of the songs have been deleted, and other tracks are repeated several times, or do not open, or they are replaced by files (I cannot find them right now; when I save a folder, I either find it empty or filled with some songs that are not from the original folder, but I think they look like this: U¬U¬.lfm, date: 06/01/2051). Sometimes I can delete them, sometimes not
    thanks ..

The topic ‘Aider moi a trouver une solution pour désinfecter mon flash’ is closed to new replies.