Hello ,

:welcome:

C’est toi qui vient du forum Comment ça marche.net :)

Je colle ton lien de discussion là-bas pour les autres Helper : http://www.commentcamarche.net/forum/affich-28600434-aider-moi-a-trouver-une-solution-pour-desinfecter-mon-flash#top” onclick=”window.open(this.href);return false;

Ils sont étranges ces symptômes. Mais c’est pas la première fois que j’en entend parler.

Relance UsbFix avec les flash disk “infectés” connecté , choisi l’option Listing.

Fais moi ensuite parvenir le rapport dans ta prochaine réponse en utilisant le BBCode Spoiler stp ;)

@ Te lire

saluut ouii oui c’est moi , en fait merci bien et je veux dire que mon pc s’arrête parfois (écran bleu écriture blanche)
[spoiler:1a98ba40]############################## | UsbFix V 7.133 | [Listing]

Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 27/08/2013 par El Desaparecido
Lancé à 00:42:37 | 05/09/2013

Site Web: https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: https://www.sosvirus.net/viewtopic.php?f=6&t=489” onclick=”window.open(this.href);return false;
Contact: eldesaparecido@sosvirus.net

PC: TOSHIBA (Satellite c855) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz (2500)
RAM -> [Total : 6104 | Free : 3341]
BIOS: InsydeH2O Version 03.72.011.50
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 450 Go (325 Go libre(s) – 72%) [] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 4 Go (2 Go libre(s) – 57%) [] # FAT32

################## | Listing |

[19/05/2013 – 00:36:11 | SHD ] C:$Recycle.Bin
[01/09/2013 – 07:32:28 | D ] C:AdwCleaner
[26/08/2013 – 22:34:51 | RASHD ] C:Autorun.inf
[28/08/2013 – 18:41:46 | A | 2691] C:bdlog.txt
[15/03/2012 – 20:26:46 | SHD ] C:Boot
[21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
[15/03/2012 – 20:26:49 | N | 8192] C:BOOTSECT.BAK
[11/01/2013 – 14:17:16 | D ] C:c60592a295c769f4d1820b14e0f0d2
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[19/05/2013 – 15:04:24 | D ] C:EasyPHP
[04/09/2013 – 04:14:52 | ASH | 4800225280] C:hiberfil.sys
[10/11/2012 – 08:25:46 | D ] C:IDE
[07/04/2012 – 16:58:15 | D ] C:Intel
[10/11/2012 – 08:24:40 | RHD ] C:MSOCache
[04/09/2013 – 04:14:52 | ASH | 6400303104] C:pagefile.sys
[02/09/2013 – 17:55:08 | A | 512] C:PhysicalDisk0_MBR.bin
[28/08/2013 – 02:27:54 | D ] C:Program Files
[01/09/2013 – 12:54:21 | D ] C:Program Files (x86)
[01/09/2013 – 12:54:22 | HD ] C:ProgramData
[01/09/2013 – 16:27:10 | D ] C:Sounds
[03/09/2013 – 18:59:02 | SHD ] C:System Volume Information
[16/05/2013 – 09:44:46 | D ] C:temp
[28/06/2012 – 11:12:04 | D ] C:Toshiba
[05/09/2013 – 00:42:38 | D ] C:UsbFix
[26/08/2013 – 22:33:21 | N | 12060] C:UsbFix [Clean 3] USER-TOSH.txt
[26/08/2013 – 22:35:03 | N | 2944] C:UsbFix [Listing 1 ] USER-TOSH.txt
[05/09/2013 – 00:42:38 | A | 2362] C:UsbFix [Listing 2 ] USER-TOSH.txt
[25/08/2013 – 23:35:12 | N | 10964] C:UsbFix [Scan 1] USER-TOSH.txt
[26/08/2013 – 22:21:47 | N | 10191] C:UsbFix [Scan 2] USER-TOSH.txt
[28/08/2013 – 01:36:31 | A | 10853] C:UsbFix [Scan 5] USER-TOSH.txt
[30/08/2013 – 02:24:24 | A | 9829] C:UsbFix [Scan 6] USER-TOSH.txt
[19/05/2013 – 00:37:41 | D ] C:Users
[04/09/2013 – 04:14:52 | D ] C:Windows
[03/09/2013 – 00:51:52 | D ] C:ZHP
[19/04/2013 – 12:52:02 | A | 3332838] F:Project X soundtrack – Beamer Benz Or Bentley.mp3
[19/06/2013 – 14:20:10 | A | 3438289] F:YP Bitches Money Weed (BMW).mp3
[21/01/2013 – 21:13:58 | D ] F:lil wayn
[01/09/2013 – 14:51:50 | D ] F:Booba
[20/08/2013 – 11:32:34 | D ] F:la fouine
[01/09/2013 – 17:28:44 | D ] F:emino
[02/05/2011 – 07:41:08 | A | 5113785] F:eminem – superman.mp3
[20/08/2012 – 01:53:56 | A | 4489258] F:eminen_lose your self .mp3
[26/12/2012 – 02:08:54 | A | 2778741] F:SEFYU – MOLOTOV 4.mp3
[01/01/2013 – 05:14:20 | A | 3621230] F:Sefyu – Turbo.mp3
[27/02/2012 – 12:52:50 | A | 4619316] F:Wiz Khalifa – Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J T-Pain – YouTube.flv.MP3
[19/08/2013 – 15:17:12 | D ] F:best of trance
[01/09/2013 – 17:41:58 | D ] F:deep
[06/11/2012 – 23:18:34 | A | 3245442] F:Lee Foss & MK feat. Anabel Englund – Electricity.mp3
[20/03/2013 – 23:12:14 | A | 3349138] F:Lana Del Rey – Summertime Sadness (Lee Foss & MK Remix).mp3
[03/09/2012 – 23:39:48 | A | 4524293] F:Phonique- Our Time Our Chance (feat. Ian Whitelaw) (Official music video).mp3
[31/05/2013 – 00:41:54 | A | 7677088] F:Tennis – Make It Good (Larry Heard Vocal Remix).mp3
[20/10/2012 – 16:12:10 | A | 5726014] F:Otto Knows – Million Voices (Original Mix) FULL VERSION.mp3
[24/12/2010 – 18:15:36 | A | 6141649] F:Yeah Yeah Yeahs – Heads Will Roll (A-Trak Remix) [BO Projet X HQ].mp3
[23/08/2012 – 02:27:04 | A | 6175335] F:Phonique – Feel What You Want Feat. Rebecca.mp3
[01/10/2012 – 00:16:46 | A | 9059297] F:Top 10 Female Vocal Trance.mp3
[01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3

################## | E.O.F |[/spoiler:1a98ba40]

Hello ,

C’est plutôt étrange ton affaire ;(

J’ai placé mon flash disque sur un autre PC. Depuis, quand j’enregistre des fichiers sur disque amovible quelqu’un se transforme en d’autre fichiers nommé par des symboles et de date de création bizarres (exp:01/09/ 2051) .

Quand je regarde les fichiers et dossier contenu dans le lecteur F on a :

[19/04/2013 – 12:52:02 | A | 3332838] F:Project X soundtrack – Beamer Benz Or Bentley.mp3
[19/06/2013 – 14:20:10 | A | 3438289] F:YP Bitches Money Weed (BMW).mp3
[21/01/2013 – 21:13:58 | D ] F:lil wayn
[01/09/2013 – 14:51:50 | D ] F:Booba
[20/08/2013 – 11:32:34 | D ] F:la fouine
[01/09/2013 – 17:28:44 | D ] F:emino
[02/05/2011 – 07:41:08 | A | 5113785] F:eminem – superman.mp3
[20/08/2012 – 01:53:56 | A | 4489258] F:eminen_lose your self .mp3
[26/12/2012 – 02:08:54 | A | 2778741] F:SEFYU – MOLOTOV 4.mp3
[01/01/2013 – 05:14:20 | A | 3621230] F:Sefyu – Turbo.mp3
[27/02/2012 – 12:52:50 | A | 4619316] F:Wiz Khalifa – Black And Yellow [G-Mix] ft. Snoop Dogg, Juicy J T-Pain – YouTube.flv.MP3
[19/08/2013 – 15:17:12 | D ] F:best of trance
[01/09/2013 – 17:41:58 | D ] F:deep
[06/11/2012 – 23:18:34 | A | 3245442] F:Lee Foss & MK feat. Anabel Englund – Electricity.mp3
[20/03/2013 – 23:12:14 | A | 3349138] F:Lana Del Rey – Summertime Sadness (Lee Foss & MK Remix).mp3
[03/09/2012 – 23:39:48 | A | 4524293] F:Phonique- Our Time Our Chance (feat. Ian Whitelaw) (Official music video).mp3
[31/05/2013 – 00:41:54 | A | 7677088] F:Tennis – Make It Good (Larry Heard Vocal Remix).mp3
[20/10/2012 – 16:12:10 | A | 5726014] F:Otto Knows – Million Voices (Original Mix) FULL VERSION.mp3
[24/12/2010 – 18:15:36 | A | 6141649] F:Yeah Yeah Yeahs – Heads Will Roll (A-Trak Remix) [BO Projet X HQ].mp3
[23/08/2012 – 02:27:04 | A | 6175335] F:Phonique – Feel What You Want Feat. Rebecca.mp3
[01/10/2012 – 00:16:46 | A | 9059297] F:Top 10 Female Vocal Trance.mp3
[01/09/2013 – 17:39:00 | A | 0] F:ABOVE&~1.MP3

Donc toi tu ne vois pas ces fichiers et dossiers ?

Si c’est bien ça , va dans menu démarrer -> ordinateur -> clic sur le disque F pour l’ouvrir. Ensuite fais une capture du contenu.

Fais moi parvenir cette capture via SosUpload : https://antimalware.top/” onclick=”window.open(this.href);return false;
Ensuite fais un clic droit sur l’un de ces fichiers “bizarre”, choisi propriété , fais une capture de l’onglet général et de l’onglet détails. Transmet moi également ces deux captures via SosUpload :)

@Te lire

ouii ouii , voila ce dossier nrml il contient des musiques mais voila ce qu il contient ( je pense qu il y a d autres fichiers comme selui la mais j l ai effacer)
https://antimalware.top/images/2013/09/06/Sans_titre4.png” onclick=”window.open(this.href);return false;
https://antimalware.top/images/2013/09/06/Sans_titre3.png” onclick=”window.open(this.href);return false;
https://antimalware.top/images/2013/09/06/Sans_titre2.png” onclick=”window.open(this.href);return false;
@ +

Hello ,

Milles excuses, je n’avais pas vu que tu avais répondu :(

Je vais demander l’avis d’un autre helper Evasion60 :)

@ plus tard.

merci bien , sosupload ne peux pas heberger mes rapports …
https://forums-fec.be/upload/www/?a=d&i=6893683567” onclick=”window.open(this.href);return false;
https://forums-fec.be/upload/www/?a=d&i=7668009952” onclick=”window.open(this.href);return false;
@ +

OTL logfile created on: 10/09/2013 23:59:08 – Run 1
OTL by OldTimer – Version 3.2.69.0 Folder = C:UsersAdministrateurDesktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) – Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5,96 Gb Total Physical Memory | 3,15 Gb Available Physical Memory | 52,90% Memory free
11,92 Gb Paging File | 8,05 Gb Available in Paging File | 67,50% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 449,65 Gb Total Space | 324,07 Gb Free Space | 72,07% Space Free | Partition Type: NTFS
Drive F: | 3,90 Gb Total Space | 0,79 Gb Free Space | 20,16% Space Free | Partition Type: FAT32

Computer Name: USER-TOSH | User Name: Administrateur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC – File not found —
PRC – [2013/09/09 14:31:56 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
PRC – [2013/09/02 21:35:59 | 000,829,392 | —- | M] (Google Inc.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
PRC – [2013/08/30 03:41:32 | 000,356,376 | —- | M] (Kaspersky Lab ZAO) — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe
PRC – [2013/07/13 04:47:29 | 000,217,992 | —- | M] (Google Inc.) — C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe
PRC – [2013/04/04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
PRC – [2013/04/04 14:50:32 | 000,532,040 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe
PRC – [2013/04/04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
PRC – [2013/02/26 02:28:44 | 000,357,456 | —- | M] (VMware, Inc.) — C:WindowsSysWOW64vmnetdhcp.exe
PRC – [2013/02/26 02:28:26 | 000,436,304 | —- | M] (VMware, Inc.) — C:WindowsSysWOW64vmnat.exe
PRC – [2013/02/26 01:30:42 | 000,087,120 | —- | M] (VMware, Inc.) — C:Program Files (x86)VMwareVMware Playervmware-authd.exe
PRC – [2012/10/23 18:42:06 | 000,347,120 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe
PRC – [2012/10/23 18:41:44 | 001,739,760 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere.exe
PRC – [2012/10/23 18:41:41 | 000,637,936 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe
PRC – [2012/02/05 05:41:10 | 000,231,328 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeSrvUseMng.exe
PRC – [2012/02/05 05:40:56 | 000,219,048 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeSrvProvider.exe
PRC – [2012/02/04 21:47:54 | 000,251,808 | —- | M] (TOSHIBA CORPORATION) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosLeBtMng.exe
PRC – [2012/02/04 21:16:54 | 002,824,104 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtMng.exe
PRC – [2012/01/21 00:29:26 | 000,277,784 | —- | M] (Intel Corporation) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
PRC – [2011/11/04 14:40:06 | 000,687,400 | —- | M] (Nero AG) — C:Program Files (x86)NeroUpdateNASvc.exe
PRC – [2011/08/08 21:43:00 | 000,690,072 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosA2dp.exe
PRC – [2011/08/08 21:36:00 | 000,087,960 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtHid.exe
PRC – [2011/06/06 12:55:28 | 000,064,952 | —- | M] (Adobe Systems Incorporated) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
PRC – [2011/03/14 16:27:28 | 000,236,384 | —- | M] (Huawei Technologies Co., Ltd.) — C:ProgramDataDatacardServiceDCSHelper.exe
PRC – [2011/02/03 23:18:00 | 000,742,800 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosAVRC.exe
PRC – [2010/11/21 04:25:10 | 000,164,864 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Windows Media Playerwmplayer.exe
PRC – [2010/09/07 00:18:00 | 000,746,384 | —- | M] (TOSHIBA CORPORATION.) — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtHSP.exe

========== Modules (No Company Name) ==========

MOD – [2013/09/02 21:35:56 | 000,410,576 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66ppgooglenaclpluginchrome.dll
MOD – [2013/09/02 21:35:55 | 013,599,184 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66PepperFlashpepflashplayer.dll
MOD – [2013/09/02 21:35:54 | 004,053,456 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66pdf.dll
MOD – [2013/09/02 21:35:04 | 000,709,584 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66libglesv2.dll
MOD – [2013/09/02 21:35:03 | 000,099,792 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66libegl.dll
MOD – [2013/09/02 21:35:01 | 001,604,560 | —- | M] () — C:Program Files (x86)GoogleChromeApplication29.0.1547.66ffmpegsumo.dll
MOD – [2012/10/23 18:41:44 | 001,739,760 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere.exe
MOD – [2012/10/23 18:41:41 | 000,637,936 | —- | M] () — C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe
MOD – [2012/10/23 18:40:44 | 000,249,344 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgMobileBroadband7.dll
MOD – [2012/10/23 18:38:48 | 000,606,208 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgCore.dll
MOD – [2012/10/23 18:38:04 | 000,204,800 | —- | M] () — C:Program Files (x86)InternetEverywhereLiveBoxCM.dll
MOD – [2012/10/23 18:37:38 | 000,073,728 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDriverInstall.dll
MOD – [2012/10/23 18:37:27 | 000,376,832 | —- | M] () — C:Program Files (x86)InternetEverywhereWTGSMSPCClient.dll
MOD – [2012/10/23 18:37:18 | 000,139,264 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgBluetooth.dll
MOD – [2012/10/23 18:37:10 | 000,212,992 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDetection.dll
MOD – [2012/10/23 18:36:57 | 000,126,976 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgWiFi.dll
MOD – [2012/10/23 18:36:46 | 000,081,920 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDialup.dll
MOD – [2012/10/23 18:36:29 | 000,102,400 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgDatabase.dll
MOD – [2012/10/23 18:36:22 | 000,159,744 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgPorts.dll
MOD – [2012/10/23 18:36:16 | 000,106,496 | —- | M] () — C:Program Files (x86)InternetEverywhereWtgUtil.dll
MOD – [2012/10/23 18:35:54 | 000,602,112 | —- | M] () — C:Program Files (x86)InternetEverywhereWTGXMLUtil.dll
MOD – [2012/08/17 21:40:16 | 000,068,024 | —- | M] () — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013QtWebKitqmlwebkitplugin4.dll
MOD – [2012/08/17 21:38:56 | 000,479,160 | —- | M] () — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013dblite.dll
MOD – [2012/01/25 18:57:12 | 000,172,032 | —- | M] () — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosGatt.dll
MOD – [2011/11/10 08:48:48 | 001,105,920 | —- | M] () — C:Program Files (x86)InternetEverywhereNDISAPI.dll
MOD – [2007/02/27 19:44:00 | 000,823,296 | —- | M] () — C:Program Files (x86)InternetEverywherelibeay32.dll

========== Services (SafeList) ==========

SRV:64bit: – [2013/05/27 06:50:47 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] — C:Program FilesWindows DefenderMpSvc.dll — (WinDefend)
SRV:64bit: – [2012/01/20 12:27:28 | 000,235,520 | —- | M] (AMD) [Auto | Running] — C:WindowsSysNativeatiesrxx.exe — (AMD External Events Utility)
SRV:64bit: – [2011/12/16 07:16:48 | 000,583,088 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:Program FilesTOSHIBAPower SaverTosCoSrv.exe — (TosCoSrv)
SRV:64bit: – [2011/12/14 23:11:38 | 000,833,976 | —- | M] (TOSHIBA Corporation) [On_Demand | Running] — C:Program FilesTOSHIBATPHMTPCHSrv.exe — (TPCHSrv)
SRV:64bit: – [2011/11/26 02:52:36 | 000,138,152 | —- | M] (TOSHIBA Corporation) [On_Demand | Running] — C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe — (TOSHIBA HDD SSD Alert Service)
SRV:64bit: – [2011/11/24 21:20:38 | 000,294,848 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:Program FilesTOSHIBATECOTecoService.exe — (TOSHIBA eco Utility Service)
SRV:64bit: – [2010/10/20 22:41:00 | 000,138,656 | —- | M] (TOSHIBA Corporation) [Auto | Running] — C:WindowsSysNativeTODDSrv.exe — (TODDSrv)
SRV:64bit: – [2010/09/22 18:10:10 | 000,057,184 | —- | M] (Microsoft Corporation) [Disabled | Stopped] — C:Program FilesWindows LiveMeshwlcrasvc.exe — (wlcrasvc)
SRV:64bit: – [2010/09/10 01:26:34 | 000,162,824 | —- | M] () [Auto | Running] — C:WindowsSysNativeGFNEXSrv.exe — (GFNEXSrv)
SRV:64bit: – [2009/12/16 16:44:44 | 003,750,400 | —- | M] (SafeNet Inc.) [Auto | Running] — C:WindowsSysNativehasplms.exe — (hasplms)
SRV – [2013/08/30 03:41:32 | 000,356,376 | —- | M] (Kaspersky Lab ZAO) [Auto | Running] — C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe — (AVP)
SRV – [2013/04/04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) [Auto | Running] — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe — (MBAMService)
SRV – [2013/04/04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) [Auto | Running] — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe — (MBAMScheduler)
SRV – [2013/02/26 02:28:44 | 000,357,456 | —- | M] (VMware, Inc.) [Auto | Running] — C:WindowsSysWOW64vmnetdhcp.exe — (VMnetDHCP)
SRV – [2013/02/26 02:28:26 | 000,436,304 | —- | M] (VMware, Inc.) [Auto | Running] — C:WindowsSysWOW64vmnat.exe — (VMware NAT Service)
SRV – [2013/02/26 01:30:42 | 000,087,120 | —- | M] (VMware, Inc.) [Auto | Running] — C:Program Files (x86)VMwareVMware Playervmware-authd.exe — (VMAuthdService)
SRV – [2012/10/23 18:42:06 | 000,347,120 | —- | M] () [Auto | Running] — C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe — (InternetEverywhere_Service)
SRV – [2012/10/11 16:15:30 | 000,918,680 | —- | M] (VMware, Inc.) [Auto | Running] — C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe — (VMUSBArbService)
SRV – [2012/07/13 13:28:36 | 000,160,944 | —- | M] (Skype Technologies) [Auto | Stopped] — C:Program Files (x86)SkypeUpdaterUpdater.exe — (SkypeUpdate)
SRV – [2012/01/21 00:29:26 | 000,277,784 | —- | M] (Intel Corporation) [Auto | Running] — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe — (LMS)
SRV – [2011/11/04 14:40:06 | 000,687,400 | —- | M] (Nero AG) [Auto | Running] — C:Program Files (x86)NeroUpdateNASvc.exe — (NAUpdate)
SRV – [2011/07/12 01:16:06 | 000,057,216 | —- | M] (TOSHIBA Corporation) [On_Demand | Stopped] — C:Program Files (x86)TOSHIBATOSHIBA Service StationTMachInfo.exe — (TMachInfo)
SRV – [2011/06/06 12:55:28 | 000,064,952 | —- | M] (Adobe Systems Incorporated) [Auto | Running] — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe — (AdobeARMservice)
SRV – [2011/04/02 01:42:00 | 000,198,064 | —- | M] (TOSHIBA CORPORATION) [On_Demand | Running] — C:Program Files (x86)TOSHIBABluetooth Toshiba StackTosBtSrv.exe — (TOSHIBA Bluetooth Service)
SRV – [2011/03/14 16:27:34 | 000,346,976 | —- | M] () [Auto | Running] — C:ProgramDataDatacardServiceHWDeviceService64.exe — (HWDeviceService64.exe)
SRV – [2011/02/10 09:25:36 | 000,112,080 | —- | M] (Toshiba Europe GmbH) [Auto | Running] — C:Program Files (x86)Toshiba TEMPROTemproSvc.exe — (TemproMonitoringService)
SRV – [2010/10/12 18:59:12 | 000,206,072 | —- | M] (WildTangent, Inc.) [On_Demand | Stopped] — C:Program Files (x86)WildTangent GamesAppGamesAppService.exe — (GamesAppService)
SRV – [2010/03/18 13:16:28 | 000,130,384 | —- | M] (Microsoft Corporation) [Auto | Stopped] — C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe — (clr_optimization_v4.0.30319_32)
SRV – [2010/02/19 13:37:14 | 000,517,096 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] — C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe — (SwitchBoard)
SRV – [2009/06/10 22:23:09 | 000,066,384 | —- | M] (Microsoft Corporation) [Disabled | Stopped] — C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe — (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: – [2013/08/30 04:22:17 | 000,178,448 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriverskneps.sys — (kneps)
DRV:64bit: – [2013/08/30 04:22:17 | 000,054,368 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriverskltdi.sys — (kltdi)
DRV:64bit: – [2013/08/30 04:22:17 | 000,029,528 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversklmouflt.sys — (klmouflt)
DRV:64bit: – [2013/08/30 04:22:16 | 000,620,128 | —- | M] (Kaspersky Lab ZAO) [File_System | System | Running] — C:WindowsSysNativedriversklif.sys — (KLIF)
DRV:64bit: – [2013/08/30 04:22:16 | 000,029,016 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversklkbdflt.sys — (klkbdflt)
DRV:64bit: – [2013/04/30 09:51:09 | 000,040,616 | —- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriverstap0901.sys — (tap0901)
DRV:64bit: – [2013/04/15 10:50:30 | 000,127,384 | —- | M] (Power Software Ltd) [Kernel | System | Running] — C:windowsSysNativedriversscdemu.sys — (SCDEmu)
DRV:64bit: – [2013/04/04 14:50:32 | 000,025,928 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] — C:WindowsSysNativedriversmbam.sys — (MBAMProtector)
DRV:64bit: – [2013/02/26 02:28:48 | 000,067,664 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmx86.sys — (vmx86)
DRV:64bit: – [2013/02/26 02:28:14 | 000,030,800 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmnetuserif.sys — (VMnetuserif)
DRV:64bit: – [2013/02/26 02:27:48 | 000,045,720 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedriversvmnetbridge.sys — (VMnetBridge)
DRV:64bit: – [2013/02/26 02:27:44 | 000,033,360 | —- | M] (VMware, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversVMkbd.sys — (vmkbd2)
DRV:64bit: – [2013/01/01 17:11:02 | 000,422,400 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewusbwwan.sys — (ewusbmbb)
DRV:64bit: – [2012/12/25 15:37:54 | 000,223,232 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewusbmdm.sys — (hwdatacard)
DRV:64bit: – [2012/12/25 15:37:54 | 000,117,248 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversew_hwusbdev.sys — (ew_hwusbdev)
DRV:64bit: – [2012/12/25 15:37:54 | 000,098,304 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jucdcacm.sys — (huawei_cdcacm)
DRV:64bit: – [2012/12/25 15:37:54 | 000,087,040 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jubusenum.sys — (huawei_enumerator)
DRV:64bit: – [2012/12/25 15:37:54 | 000,072,192 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_jucdcecm.sys — (huawei_cdcecm)
DRV:64bit: – [2012/12/25 15:37:54 | 000,028,672 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_juextctrl.sys — (huawei_ext_ctrl)
DRV:64bit: – [2012/12/25 15:37:54 | 000,013,952 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversew_usbenumfilter.sys — (ew_usbenumfilter)
DRV:64bit: – [2012/11/30 17:35:28 | 000,112,896 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversewsercd.sys — (ewsercd)
DRV:64bit: – [2012/10/24 14:17:14 | 000,070,296 | —- | M] (VMware, Inc.) [Kernel | Boot | Running] — C:WindowsSysNativedriversvsock.sys — (vsock)
DRV:64bit: – [2012/10/24 14:17:10 | 000,085,104 | —- | M] (VMware, Inc.) [Kernel | Boot | Running] — C:WindowsSysNativedriversvmci.sys — (vmci)
DRV:64bit: – [2012/10/11 16:15:32 | 000,052,376 | —- | M] (VMware, Inc.) [Kernel | Auto | Running] — C:WindowsSysNativedrivershcmon.sys — (hcmon)
DRV:64bit: – [2012/10/11 16:15:06 | 000,037,680 | —- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversvmusb.sys — (vmusb)
DRV:64bit: – [2012/08/02 15:09:34 | 000,028,504 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] — C:WindowsSysNativedriversklim6.sys — (KLIM6)
DRV:64bit: – [2012/06/29 20:39:02 | 000,004,608 | —- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversvncmirror.sys — (vncmirror)
DRV:64bit: – [2012/06/19 17:28:12 | 000,458,584 | —- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] — C:WindowsSysNativedriverskl1.sys — (kl1)
DRV:64bit: – [2012/03/01 07:46:16 | 000,023,408 | —- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] — C:windowsSysNativedriversfs_rec.sys — (Fs_Rec)
DRV:64bit: – [2012/01/30 22:14:00 | 000,304,696 | —- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfbd.sys — (tosrfbd)
DRV:64bit: – [2012/01/20 12:53:32 | 010,731,520 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversatikmdag.sys — (amdkmdag)
DRV:64bit: – [2012/01/20 11:34:36 | 000,328,192 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversatikmpag.sys — (amdkmdap)
DRV:64bit: – [2012/01/17 01:20:38 | 001,082,472 | —- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversrtwlane.sys — (RTL8192Ce)
DRV:64bit: – [2012/01/05 21:42:32 | 000,021,096 | —- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRtkBtfilter.sys — (RtkBtFilter)
DRV:64bit: – [2012/01/05 11:58:50 | 000,786,200 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversiusb3xhc.sys — (iusb3xhc)
DRV:64bit: – [2012/01/05 11:58:50 | 000,355,096 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversiusb3hub.sys — (iusb3hub)
DRV:64bit: – [2012/01/05 11:58:50 | 000,016,152 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversiusb3hcs.sys — (iusb3hcs)
DRV:64bit: – [2011/12/19 20:15:10 | 000,411,920 | —- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversSynTP.sys — (SynTP)
DRV:64bit: – [2011/12/17 01:24:00 | 000,079,040 | —- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfusb.sys — (Tosrfusb)
DRV:64bit: – [2011/12/01 11:42:44 | 000,072,240 | —- | M] (Nero AG) [Kernel | Boot | Running] — C:WindowsSysNativedriversNBVol.sys — (NBVol)
DRV:64bit: – [2011/12/01 11:42:44 | 000,015,920 | —- | M] (Nero AG) [Kernel | Boot | Running] — C:WindowsSysNativedriversNBVolUp.sys — (NBVolUp)
DRV:64bit: – [2011/11/30 03:40:32 | 000,568,600 | —- | M] (Intel Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversiaStor.sys — (iaStor)
DRV:64bit: – [2011/11/10 09:04:14 | 000,060,184 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversHECIx64.sys — (MEIx64)
DRV:64bit: – [2011/10/17 20:40:50 | 000,093,712 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversAtihdW76.sys — (AtiHDAudioService)
DRV:64bit: – [2011/08/24 05:57:24 | 000,565,352 | —- | M] (Realtek ) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRt64win7.sys — (RTL8167)
DRV:64bit: – [2011/08/17 22:27:06 | 000,251,496 | —- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversRtsUStor.sys — (RSUSBSTOR)
DRV:64bit: – [2011/03/18 23:03:18 | 000,482,384 | —- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriverstos_sps64.sys — (tos_sps64)
DRV:64bit: – [2011/03/11 07:41:12 | 000,107,904 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversamdsata.sys — (amdsata)
DRV:64bit: – [2011/03/11 07:41:12 | 000,027,008 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] — C:WindowsSysNativedriversamdxata.sys — (amdxata)
DRV:64bit: – [2011/02/09 03:07:00 | 000,038,096 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversPGEffect.sys — (PGEffect)
DRV:64bit: – [2010/11/29 19:47:00 | 000,082,224 | —- | M] (TOSHIBA Corporation) [Kernel | System | Running] — C:WindowsSysNativedriverstosrfcom.sys — (Tosrfcom)
DRV:64bit: – [2010/11/21 04:24:33 | 000,059,392 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTsUsbFlt.sys — (TsUsbFlt)
DRV:64bit: – [2010/11/21 04:23:47 | 000,078,720 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversHpSAMD.sys — (HpSAMD)
DRV:64bit: – [2010/11/21 04:23:47 | 000,031,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTsUsbGD.sys — (TsUsbGD)
DRV:64bit: – [2010/11/11 18:27:00 | 000,050,864 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfbnp.sys — (tosrfbnp)
DRV:64bit: – [2010/08/30 18:48:00 | 000,094,528 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversTosrfhid.sys — (Tosrfhid)
DRV:64bit: – [2010/06/19 00:45:00 | 000,018,872 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfec.sys — (tosrfec)
DRV:64bit: – [2010/04/26 19:48:00 | 000,063,488 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversTosRfSnd.sys — (TosRfSnd)
DRV:64bit: – [2009/09/23 02:46:18 | 000,066,304 | —- | M] (Microsoft Corporation) [Kernel | System | Running] — C:WindowsSysNativedriversvpcnfltr.sys — (vpcnfltr)
DRV:64bit: – [2009/09/23 02:46:17 | 000,359,552 | —- | M] (Microsoft Corporation) [Kernel | System | Running] — C:WindowsSysNativedriversvpcvmm.sys — (vpcvmm)
DRV:64bit: – [2009/09/23 02:32:39 | 000,095,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversvpcusb.sys — (vpcusb)
DRV:64bit: – [2009/09/23 02:32:33 | 000,187,904 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversvpchbus.sys — (vpcbus)
DRV:64bit: – [2009/09/21 08:07:26 | 000,071,040 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedriversaksdf.sys — (aksdf)
DRV:64bit: – [2009/08/20 07:02:06 | 000,130,816 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedriversaksfridge.sys — (aksfridge)
DRV:64bit: – [2009/07/31 04:22:04 | 000,027,784 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstdcmdpst.sys — (tdcmdpst)
DRV:64bit: – [2009/07/24 19:33:00 | 000,026,472 | —- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosrfnds.sys — (tosrfnds)
DRV:64bit: – [2009/07/15 00:31:18 | 000,026,840 | —- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] — C:WindowsSysNativedriversTVALZ_O.SYS — (TVALZ)
DRV:64bit: – [2009/07/14 02:52:20 | 000,194,128 | —- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversamdsbs.sys — (amdsbs)
DRV:64bit: – [2009/07/14 02:48:04 | 000,065,600 | —- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriverslsi_sas2.sys — (LSI_SAS2)
DRV:64bit: – [2009/07/14 02:45:55 | 000,024,656 | —- | M] (Promise Technology) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversstexstor.sys — (stexstor)
DRV:64bit: – [2009/07/14 01:10:47 | 000,011,264 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriversrootmdm.sys — (ROOTMODEM)
DRV:64bit: – [2009/06/20 03:15:22 | 000,014,472 | —- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] — C:WindowsSysNativedriversTVALZFL.sys — (TVALZFL)
DRV:64bit: – [2009/06/17 20:01:00 | 000,054,664 | —- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] — C:WindowsSysNativedriverstosporte.sys — (tosporte)
DRV:64bit: – [2009/06/10 21:34:33 | 003,286,016 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversevbda.sys — (ebdrv)
DRV:64bit: – [2009/06/10 21:34:28 | 000,468,480 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversbxvbda.sys — (b06bdrv)
DRV:64bit: – [2009/06/10 21:34:23 | 000,270,848 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedriversb57nd60a.sys — (b57nd60a)
DRV:64bit: – [2009/06/10 21:31:59 | 000,031,232 | —- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] — C:WindowsSysNativedrivershcw85cir.sys — (hcw85cir)
DRV:64bit: – [2009/03/13 10:55:38 | 000,318,464 | —- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] — C:WindowsSysNativedrivershardlock.sys — (hardlock)
DRV – [2013/01/01 17:11:03 | 000,098,304 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jucdcacm.sys — (huawei_cdcacm)
DRV – [2013/01/01 17:11:03 | 000,087,040 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jubusenum.sys — (huawei_enumerator)
DRV – [2013/01/01 17:11:03 | 000,072,192 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_jucdcecm.sys — (huawei_cdcecm)
DRV – [2013/01/01 17:11:03 | 000,028,672 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_juextctrl.sys — (huawei_ext_ctrl)
DRV – [2013/01/01 17:11:03 | 000,013,952 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] — C:WindowsSysWOW64driversew_usbenumfilter.sys — (ew_usbenumfilter)
DRV – [2013/01/01 17:11:02 | 000,422,400 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbwwan.sys — (ewusbmbb)
DRV – [2013/01/01 17:11:02 | 000,274,944 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbnet.sys — (ewusbnet)
DRV – [2013/01/01 17:11:02 | 000,223,232 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversewusbmdm.sys — (hwdatacard)
DRV – [2013/01/01 17:11:02 | 000,117,248 | —- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] — C:WindowsSysWOW64driversew_hwusbdev.sys — (ew_hwusbdev)
DRV – [2009/07/14 02:19:10 | 000,019,008 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] — C:WindowsSysWOW64driverswimmount.sys — (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
IE:64bit: – HKLM..SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
IE:64bit: – HKLM..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q=” onclick=”window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search bar = http://search.msn.com/spbasic.htm” onclick=”window.open(this.href);return false;
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = Reg Error: Value error.
IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
IE – HKLM..URLSearchHook: – No CLSID value found
IE – HKLM..SearchScopes,DefaultScope =
IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q=” onclick=”window.open(this.href);return false;{searchTerms}&FORM=IE8SRC
IE – HKLM..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q=” onclick=”window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;

IE – HKU.DEFAULT..SearchScopes,DefaultScope =
IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-18..SearchScopes,DefaultScope =
IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

IE – HKUS-1-5-19..SearchScopes,DefaultScope =

IE – HKUS-1-5-20..SearchScopes,DefaultScope =

IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftInternet ExplorerMain,Start Page = about:blank
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes,DefaultScope = {207A80BF-3A4A-4226-B000-87445381F153}
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes${searchCLSID}: “URL” = http://search.live.com/results.aspx?q=” onclick=”window.open(this.href);return false;{searchTerms}&src={referrer:source?}
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500..SearchScopes{207A80BF-3A4A-4226-B000-87445381F153}: “URL” = http://www.google.com/search?sourceid=ie7&q=” onclick=”window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_frTN490
IE – HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF:64bit: – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF64_11_7_700_224.dll File not found
FF:64bit: – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll ()
FF – HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:windowsSysWOW64AdobeDirectornp32dsw_1202122.dll (Adobe Systems, Inc.)
FF – HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)
FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll ( Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF – HKLMSoftwareMozillaPlugins@Nero.com/KM: C:PROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL (Nero AG)
FF – HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=15.0.6.14: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF – HKLMSoftwareMozillaPlugins@real.com/nprpplugin;version=15.0.6.14: C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll (RealPlayer)
FF – HKLMSoftwareMozillaPlugins@richmediaplayer.com/nppluginrichmediaplayer: C:Program Files (x86)Mozilla Firefoxpluginsnppluginrichmediaplayer.dll ()
FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
FF – HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll (Google Inc.)
FF – HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.0.4: C:Program Files (x86)VideoLANVLCnpvlc.dll (VideoLAN)
FF – HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll ()
FF – HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF – HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:UsersAdministrateurAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)
FF – HKCUSoftwareMozillaPlugins@unity3d.com/UnityPlayer,version=1.0: C:UsersAdministrateurAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)

FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{0153E448-190B-4987-BDE1-F256CADA672F}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/12/08 17:23:23 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsFirefox{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/28 18:51:18 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\url_advisor@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExturl_advisor@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\virtual_keyboard@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExtvirtual_keyboard@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]
FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\content_blocker@kaspersky.com: C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013FFExtcontent_blocker@kaspersky.com [2013/08/30 04:22:25 | 000,000,000 | —D | M]

[2013/01/03 18:45:41 | 000,000,000 | —D | M] (No name found) — C:Program Files (x86)Mozilla Firefoxextensions
[2013/03/12 09:27:46 | 000,093,976 | —- | M] () — C:Program Files (x86)mozilla firefoxpluginsnppluginrichmediaplayer.dll

========== Chrome ==========

CHR – default_search_provider: google (Enabled)
CHR – default_search_provider: search_url = http://www.google.fr/search?q=” onclick=”window.open(this.href);return false;{searchTerms}
CHR – default_search_provider: suggest_url =
CHR – plugin: Shockwave Flash (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66PepperFlashpepflashplayer.dll
CHR – plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR – plugin: Native Client (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66ppGoogleNaClPluginChrome.dll
CHR – plugin: Chrome PDF Viewer (Enabled) = C:Program Files (x86)GoogleChromeApplication29.0.1547.66pdf.dll
CHR – plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll
CHR – plugin: Nero Kwik Media Helper (Enabled) = C:PROGRA~2COMMON~1NeroBROWSE~1NPBROW~1.DLL
CHR – plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll
CHR – plugin: Picasa (Enabled) = C:Program Files (x86)GooglePicasa3npPicasa3.dll
CHR – plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.153npGoogleUpdate3.dll
CHR – plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll
CHR – plugin: PluginRichmediaplayer (Enabled) = C:Program Files (x86)Mozilla Firefoxpluginsnppluginrichmediaplayer.dll
CHR – plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll
CHR – plugin: RealJukebox NS Plugin (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll
CHR – plugin: RealPlayer Download Plugin (Enabled) = C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll
CHR – plugin: VLC Web Plugin (Enabled) = C:Program Files (x86)VideoLANVLCnpvlc.dll
CHR – plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll
CHR – plugin: Windows Liveu0099 Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll
CHR – plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll
CHR – plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll
CHR – plugin: Unity Player (Enabled) = C:UsersAdministrateurAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll
CHR – plugin: Facebook Video Calling Plugin (Enabled) = C:UsersAdministrateurAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll
CHR – plugin: Shockwave for Director (Enabled) = C:windowsSysWOW64AdobeDirectornp32dsw_1202122.dll
CHR – plugin: Shockwave Flash (Enabled) = C:windowsSysWOW64MacromedFlashNPSWF32_11_7_700_224.dll
CHR – plugin: Silverlight Plug-In (Enabled) = c:Program Files (x86)Microsoft Silverlight5.1.20513.0npctrl.dll
CHR – Extension: Documents Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake.0.0.6_0
CHR – Extension: Documents Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake.5_0
CHR – Extension: Googleu00A0Drive = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.2_0
CHR – Extension: Googleu00A0Drive = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf6.3_0
CHR – Extension: YouTube = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0
CHR – Extension: YouTube = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.6_0
CHR – Extension: Recherche Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf.0.0.19_0
CHR – Extension: Recherche Google = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf.0.0.20_0
CHR – Extension: Kaspersky URL Advisor = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsdchlnpcodkpfdpacogkljefecpegganj13.0.1.4190_0
CHR – Extension: Download Video = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsdoagiokpgboiomffjfhaiimafndmmpni1.3.1_0
CHR – Extension: RealPlayer HTML5Video Downloader Extension = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0
CHR – Extension: RealPlayer HTML5Video Downloader Extension = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_1
CHR – Extension: Chrome In-App Payments service = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda.0.4.10_0
CHR – Extension: Chrome In-App Payments service = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda.0.4.10_1
CHR – Extension: Gmail = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0
CHR – Extension: Gmail = C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_1

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | —- | M]) – C:WindowsSysNativedriversetchosts
O2:64bit: – BHO: (Content Blocker Plugin) – {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtContentBlockerie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: – BHO: (Virtual Keyboard Plugin) – {73455575-E40C-433C-9784-C78DC7761455} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: – BHO: (Google Toolbar Helper) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O2:64bit: – BHO: (URL Advisor Plugin) – {E33CF602-D945-461A-83F0-819F76A199F8} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: – BHO: (TOSHIBA Media Controller Plug-in) – {F3C88694-EFFA-4d78-B409-54B7B2535B14} – C:Program Files (x86)TOSHIBATOSHIBA Media Controller Plug-inx64TOSHIBAMediaControllerIE.dll ()
O2 – BHO: (RealPlayer Download and Record Plugin for Internet Explorer) – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
O2 – BHO: (Content Blocker Plugin) – {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtContentBlockerie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 – BHO: (Virtual Keyboard Plugin) – {73455575-E40C-433C-9784-C78DC7761455} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 – BHO: (Java(tm) Plug-In SSV Helper) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)
O2 – BHO: (Rich Media Downloader) – {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIERichMediaDownloader.dll (Radiocom CJSC)
O2 – BHO: (Google Toolbar Helper) – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
O2 – BHO: (URL Advisor Plugin) – {E33CF602-D945-461A-83F0-819F76A199F8} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O2 – BHO: (TOSHIBA Media Controller Plug-in) – {F3C88694-EFFA-4d78-B409-54B7B2535B14} – C:Program Files (x86)TOSHIBATOSHIBA Media Controller Plug-inTOSHIBAMediaControllerIE.dll ()
O2 – BHO: (Rich Media Player) – {FEB703F7-E7B2-4AB0-9566-87658AC70095} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIEPluginRichmediaplayer.dll ()
O3:64bit: – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
O3 – HKLM..Toolbar: (Google Toolbar) – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll File not found
O3 – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
O4:64bit: – HKLM..Run: [] File not found
O4:64bit: – HKLM..Run: [AdobeAAMUpdater-1.0] C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: – HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)
O4:64bit: – HKLM..Run: [SRS Premium Sound HD] C:Program FilesSRS LabsSRS Control PanelSRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: – HKLM..Run: [TCrdMain] C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [Teco] C:Program FilesTOSHIBATECOTeco.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [Toshiba Registration] C:Program FilesTOSHIBARegistrationToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: – HKLM..Run: [Toshiba TEMPRO] C:Program Files (x86)Toshiba TEMPROTemproTray.exe (Toshiba Europe GmbH)
O4:64bit: – HKLM..Run: [TosSENotify] C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [TosVolRegulator] C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [TosWaitSrv] C:Program FilesTOSHIBATPHMTosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: – HKLM..Run: [TPwrMain] C:Program FilesTOSHIBAPower SaverTPwrMain.exe (TOSHIBA Corporation)
O4 – HKLM..Run: [AdobeCS6ServiceManager] C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe (Adobe Systems Incorporated)
O4 – HKLM..Run: [AVP] C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe (Kaspersky Lab ZAO)
O4 – HKLM..Run: [NBAgent] C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe (Nero AG)
O4 – HKLM..Run: [StartCCC] C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe (Advanced Micro Devices, Inc.)
O4 – HKLM..Run: [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)
O4 – HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerupdaterealsched.exe (RealNetworks, Inc.)
O4 – HKU.DEFAULT..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-18..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-19..Run: [Sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)
O4 – HKUS-1-5-19..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-20..Run: [Sidebar] C:Program Files (x86)Windows SidebarSidebar.exe (Microsoft Corporation)
O4 – HKUS-1-5-20..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-21-3799678134-1094475672-2913924675-500..Run: [Facebook Update] C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe (Facebook Inc.)
O4 – HKUS-1-5-21-3799678134-1094475672-2913924675-500..Run: [TOPI.EXE] C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe (TOSHIBA)
O4 – HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
O4 – HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found
O4 – Startup: C:UsersDefaultAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
O4 – Startup: C:UsersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
O4 – Startup: C:UsersInvitéAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupTRDCReminder.lnk = C:Program Files (x86)TOSHIBATRDCReminderTRDCReminder.exe (TOSHIBA Europe)
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 3
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0
O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLinkedConnections = 1
O7 – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
O7 – HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 3
O8:64bit: – Extra context menu item: Add to Google Photos Screensa&ver – res://C” onclick=”window.open(this.href);return false;:windowssystem32GPhotos.scr/200 File not found
O8 – Extra context menu item: Add to Google Photos Screensa&ver – C:windowsSysWow64GPhotos.scr (Google Inc.)
O9:64bit: – Extra Button: Virtual Keyboard – {0C4CC089-D306-440D-9772-464E226F6539} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: – Extra Button: URLs check – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013x64IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O9 – Extra Button: Virtual Keyboard – {0C4CC089-D306-440D-9772-464E226F6539} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 – Extra Button: Rich Media Downloader – {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} – C:UsersAdministrateurAppDataLocalRich Media PlayerBrowserExtensionsIERichMediaDownloader.dll (Radiocom CJSC)
O9 – Extra Button: URLs check – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013IEExtUrlAdvisorklwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: – Protocol_Catalog9Catalog_Entries6400000000012 – C:WindowsSysNativevsocklib.dll (VMware, Inc.)
O10:64bit: – Protocol_Catalog9Catalog_Entries6400000000013 – C:WindowsSysNativevsocklib.dll (VMware, Inc.)
O10 – Protocol_Catalog9Catalog_Entries00000000012 – C:WindowsSysWOW64vsocklib.dll (VMware, Inc.)
O10 – Protocol_Catalog9Catalog_Entries00000000013 – C:WindowsSysWOW64vsocklib.dll (VMware, Inc.)
O1364bit: – gopher Prefix: missing
O13 – gopher Prefix: missing
O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab” onclick=”window.open(this.href);return false; (Java Plug-in 1.6.0_30)
O16 – DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab” onclick=”window.open(this.href);return false; (Java Plug-in 1.6.0_30)
O16 – DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab” onclick=”window.open(this.href);return false; (Java Plug-in 1.6.0_30)
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{3AA4AC40-DE5B-46A7-88FD-F8AF6C06778D}: DhcpNameServer = 192.1.1.13 192.1.1.28
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{424CAE7A-7FF0-4B70-AB48-BCB9F861625E}: NameServer = 196.203.80.4 196.203.82.4
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{7CD145E9-81AC-4AB6-87AF-8A3CBD8285B1}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{8AFC0B4A-8564-41F5-901F-9DD8D667FAAC}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{94886D77-FC1C-4772-AA76-EA2FE0E2A52D}: DhcpNameServer = 10.47.9.34 193.95.122.30
O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{F9508140-3B1F-4982-9E10-5A25E921B693}: NameServer = 196.203.80.4 196.203.82.4
O18:64bit: – ProtocolHandlerlivecall – No CLSID value found
O18:64bit: – ProtocolHandlermsdaipp – No CLSID value found
O18:64bit: – ProtocolHandlermsdaippx00000001 – No CLSID value found
O18:64bit: – ProtocolHandlermsdaippoledb – No CLSID value found
O18:64bit: – ProtocolHandlerms-help – No CLSID value found
O18:64bit: – ProtocolHandlermsnim – No CLSID value found
O18:64bit: – ProtocolHandlermso-offdap11 – No CLSID value found
O18:64bit: – ProtocolHandlerskype4com – No CLSID value found
O18:64bit: – ProtocolHandlerwlmailhtml – No CLSID value found
O18:64bit: – ProtocolHandlerwlpg – No CLSID value found
O18 – ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} – C:Program Files (x86)Common FilesSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
O18 – ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)
O20:64bit: – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsexplorer.exe (Microsoft Corporation)
O20:64bit: – HKLM Winlogon: UserInit – (C:windowssystem32userinit.exe) – C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsSysWow64explorer.exe (Microsoft Corporation)
O20 – HKLM Winlogon: UserInit – (userinit.exe) – C:windowsSysWow64userinit.exe (Microsoft Corporation)
O21:64bit: – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – No CLSID value found.
O32 – HKLM CDRom: AutoRun – 0
O32 – AutoRun File – [2013/08/26 22:34:51 | 000,000,000 | RHSD | M] – C:Autorun.inf — [ NTFS ]
O34 – HKLM BootExecute: (autocheck autochk *)
O35:64bit: – HKLM..comfile [open] — “%1” %*
O35:64bit: – HKLM..exefile [open] — “%1” %*
O35 – HKLM..comfile [open] — “%1” %*
O35 – HKLM..exefile [open] — “%1” %*
O37:64bit: – HKLM…com [@ = comfile] — “%1” %*
O37:64bit: – HKLM…exe [@ = exefile] — “%1” %*
O37 – HKLM…com [@ = comfile] — “%1” %*
O37 – HKLM…exe [@ = exefile] — “%1” %*
O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 – SubSystems\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: AppMgmt – Service
SafeBootMin:64bit: Base – Driver Group
SafeBootMin:64bit: Boot Bus Extender – Driver Group
SafeBootMin:64bit: Boot file system – Driver Group
SafeBootMin:64bit: File system – Driver Group
SafeBootMin:64bit: Filter – Driver Group
SafeBootMin:64bit: HelpSvc – Service
SafeBootMin:64bit: MCODS – Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration – Driver Group
SafeBootMin:64bit: PNP Filter – Driver Group
SafeBootMin:64bit: Primary disk – Driver Group
SafeBootMin:64bit: sacsvr – Service
SafeBootMin:64bit: SCSI Class – Driver Group
SafeBootMin:64bit: System Bus Extender – Driver Group
SafeBootMin:64bit: vmms – Service
SafeBootMin:64bit: WinDefend – C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
SafeBootMin: AppMgmt – Service
SafeBootMin: Base – Driver Group
SafeBootMin: Boot Bus Extender – Driver Group
SafeBootMin: Boot file system – Driver Group
SafeBootMin: File system – Driver Group
SafeBootMin: Filter – Driver Group
SafeBootMin: HelpSvc – Service
SafeBootMin: MCODS – Reg Error: Value error.
SafeBootMin: PCI Configuration – Driver Group
SafeBootMin: PNP Filter – Driver Group
SafeBootMin: Primary disk – Driver Group
SafeBootMin: sacsvr – Service
SafeBootMin: SCSI Class – Driver Group
SafeBootMin: System Bus Extender – Driver Group
SafeBootMin: vmms – Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices

SafeBootNet:64bit: AppMgmt – Service
SafeBootNet:64bit: Base – Driver Group
SafeBootNet:64bit: Boot Bus Extender – Driver Group
SafeBootNet:64bit: Boot file system – Driver Group
SafeBootNet:64bit: File system – Driver Group
SafeBootNet:64bit: Filter – Driver Group
SafeBootNet:64bit: HelpSvc – Service
SafeBootNet:64bit: MCODS – Reg Error: Value error.
SafeBootNet:64bit: Messenger – Service
SafeBootNet:64bit: NDIS Wrapper – Driver Group
SafeBootNet:64bit: NetBIOSGroup – Driver Group
SafeBootNet:64bit: NetDDEGroup – Driver Group
SafeBootNet:64bit: Network – Driver Group
SafeBootNet:64bit: NetworkProvider – Driver Group
SafeBootNet:64bit: PCI Configuration – Driver Group
SafeBootNet:64bit: PNP Filter – Driver Group
SafeBootNet:64bit: PNP_TDI – Driver Group
SafeBootNet:64bit: Primary disk – Driver Group
SafeBootNet:64bit: rdsessmgr – Service
SafeBootNet:64bit: sacsvr – Service
SafeBootNet:64bit: SCSI Class – Driver Group
SafeBootNet:64bit: Streams Drivers – Driver Group
SafeBootNet:64bit: System Bus Extender – Driver Group
SafeBootNet:64bit: TDI – Driver Group
SafeBootNet:64bit: vmms – Service
SafeBootNet:64bit: WinDefend – C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver – Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} – Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} – NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} – NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} – NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} – Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices
SafeBootNet: AppMgmt – Service
SafeBootNet: Base – Driver Group
SafeBootNet: Boot Bus Extender – Driver Group
SafeBootNet: Boot file system – Driver Group
SafeBootNet: File system – Driver Group
SafeBootNet: Filter – Driver Group
SafeBootNet: HelpSvc – Service
SafeBootNet: MCODS – Reg Error: Value error.
SafeBootNet: Messenger – Service
SafeBootNet: NDIS Wrapper – Driver Group
SafeBootNet: NetBIOSGroup – Driver Group
SafeBootNet: NetDDEGroup – Driver Group
SafeBootNet: Network – Driver Group
SafeBootNet: NetworkProvider – Driver Group
SafeBootNet: PCI Configuration – Driver Group
SafeBootNet: PNP Filter – Driver Group
SafeBootNet: PNP_TDI – Driver Group
SafeBootNet: Primary disk – Driver Group
SafeBootNet: rdsessmgr – Service
SafeBootNet: sacsvr – Service
SafeBootNet: SCSI Class – Driver Group
SafeBootNet: Streams Drivers – Driver Group
SafeBootNet: System Bus Extender – Driver Group
SafeBootNet: TDI – Driver Group
SafeBootNet: vmms – Service
SafeBootNet: WudfUsbccidDriver – Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} – Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} – CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} – DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} – Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} – Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} – Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} – Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} – Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} – NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} – NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} – NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} – PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} – SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} – System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} – Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} – Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} – Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} – IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} – Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} – Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} – SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} – SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} – Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} – %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} – C:windowssystem32cmd.exe /D /C start C:windowssystem32ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} – Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} – “%ProgramFiles%Windows MailWinMail.exe” OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} – DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} – Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} – Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} – Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} – Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} – Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} – MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} – Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} – regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} – C:windowsSystem32ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} – C:Windowssystem32Rundll32.exe C:Windowssystem32mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} – Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} – Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} – HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} – Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} – .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} – .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} – %SystemRoot%system32unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} – Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} – Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} – %SystemRoot%system32regsvr32.exe /s /n /i:/UserInstall %SystemRoot%system32themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} – C:windowssystem32cmd.exe /D /C start C:windowssystem32ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} – Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} – “%ProgramFiles(x86)%Windows MailWinMail.exe” OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} – DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} – Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} – Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} – Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} – Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} – Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} – MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} – Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} – Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} – .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} – regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} –
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} – C:WindowsSysWOW64Rundll32.exe C:WindowsSysWOW64mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} – “C:Program Files (x86)GoogleChromeApplication29.0.1547.66Installerchrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} – Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} – .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} – Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} – Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} – HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} – Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} – .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} – %SystemRoot%system32unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm – C:WindowsSystem32l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm – C:WindowsSysWOW64l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid – C:windowsSysWow64iccvid.dll (Radius Inc.)
Drivers32: VIDC.VMnc – C:windowsSysWow64vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders – Created Within 30 Days ==========

[2013/09/09 14:31:49 | 000,602,112 | —- | C] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
[2013/09/01 16:27:04 | 000,000,000 | —D | C] — C:Sounds
[2013/09/01 12:54:25 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingMalwarebytes
[2013/09/01 12:54:23 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes’ Anti-Malware
[2013/09/01 12:54:22 | 000,025,928 | —- | C] (Malwarebytes Corporation) — C:windowsSysNativedriversmbam.sys
[2013/09/01 12:54:22 | 000,000,000 | —D | C] — C:ProgramDataMalwarebytes
[2013/09/01 12:54:21 | 000,000,000 | —D | C] — C:Program Files (x86)Malwarebytes’ Anti-Malware
[2013/09/01 12:54:11 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalPrograms
[2013/09/01 07:40:26 | 000,000,000 | —D | C] — C:windowsERUNT
[2013/09/01 07:31:14 | 000,000,000 | —D | C] — C:AdwCleaner
[2013/08/31 04:21:33 | 000,000,000 | —D | C] — C:Program Files (x86)ZHPDiag
[2013/08/31 04:21:33 | 000,000,000 | —D | C] — C:ZHP
[2013/08/29 22:02:10 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingRadiocom
[2013/08/29 22:02:05 | 000,000,000 | —D | C] — C:UsersAdministrateurRichMedia
[2013/08/29 22:02:05 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalRadiocom
[2013/08/28 19:51:21 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsKaspersky Anti-Virus 2013
[2013/08/28 19:50:59 | 000,064,856 | —- | C] (Kaspersky Lab) — C:windowsSysNativeklfphc.dll
[2013/08/28 19:50:00 | 000,000,000 | —D | C] — C:windowsELAMBKUP
[2013/08/28 19:49:54 | 000,000,000 | —D | C] — C:ProgramDataKaspersky Lab
[2013/08/28 19:49:54 | 000,000,000 | —D | C] — C:Program Files (x86)Kaspersky Lab
[2013/08/28 19:49:21 | 000,620,128 | —- | C] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklif.sys
[2013/08/28 19:49:21 | 000,090,208 | —- | C] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklflt.sys
[2013/08/28 18:51:18 | 000,000,000 | —D | C] — C:ProgramDataMicrosoftWindowsStart MenuProgramsRich Media Player
[2013/08/28 18:50:55 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataLocalRich Media Player
[2013/08/28 03:45:25 | 000,000,000 | —D | C] — C:ProgramDataBDLogging
[2013/08/28 03:45:14 | 000,511,328 | —- | C] (Microsoft Corporation) — C:windowscapicom.dll
[2013/08/28 02:32:01 | 000,000,000 | —D | C] — C:UsersAdministrateurAppDataRoamingQuickScan
[2013/08/28 02:27:54 | 000,000,000 | —D | C] — C:Program FilesBitdefender
[2013/08/28 02:17:27 | 000,000,000 | —D | C] — C:Program FilesCommon FilesBitdefender
[2013/08/27 01:23:34 | 000,000,000 | –SD | C] — C:windowsSysWow64Microsoft
[2013/08/26 22:34:51 | 000,000,000 | RHSD | C] — C:Autorun.inf
[2013/08/25 20:07:42 | 000,000,000 | —D | C] — C:UsbFix
[2013/08/14 16:46:34 | 000,391,168 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ieui.dll
[2013/08/14 16:46:33 | 000,526,336 | —- | C] (Microsoft Corporation) — C:windowsSysNativeieui.dll
[2013/08/14 16:46:30 | 000,109,056 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iesysprep.dll
[2013/08/14 16:46:30 | 000,089,600 | —- | C] (Microsoft Corporation) — C:windowsSysNativeRegisterIEPKEYs.exe
[2013/08/14 16:46:30 | 000,071,680 | —- | C] (Microsoft Corporation) — C:windowsSysWow64RegisterIEPKEYs.exe
[2013/08/14 16:46:30 | 000,067,072 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiesetup.dll
[2013/08/14 16:46:30 | 000,061,440 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iesetup.dll
[2013/08/14 16:46:30 | 000,051,712 | —- | C] (Microsoft Corporation) — C:windowsSysNativeie4uinit.exe
[2013/08/14 16:46:30 | 000,039,936 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiernonce.dll
[2013/08/14 16:46:30 | 000,033,280 | —- | C] (Microsoft Corporation) — C:windowsSysWow64iernonce.dll
[2013/08/14 16:46:29 | 000,136,704 | —- | C] (Microsoft Corporation) — C:windowsSysNativeiesysprep.dll
[2013/08/14 16:46:24 | 000,855,552 | —- | C] (Microsoft Corporation) — C:windowsSysNativejscript.dll
[2013/08/14 16:46:24 | 000,603,136 | —- | C] (Microsoft Corporation) — C:windowsSysNativemsfeeds.dll
[2013/08/14 16:46:23 | 003,958,784 | —- | C] (Microsoft Corporation) — C:windowsSysNativejscript9.dll
[2013/08/14 16:46:23 | 000,690,688 | —- | C] (Microsoft Corporation) — C:windowsSysWow64jscript.dll
[2013/08/13 21:29:09 | 001,472,512 | —- | C] (Microsoft Corporation) — C:windowsSysNativecrypt32.dll
[2013/08/13 21:29:08 | 000,224,256 | —- | C] (Microsoft Corporation) — C:windowsSysNativewintrust.dll
[2013/08/13 21:29:07 | 000,139,776 | —- | C] (Microsoft Corporation) — C:windowsSysNativecryptnet.dll
[2013/08/13 21:27:41 | 001,888,768 | —- | C] (Microsoft Corporation) — C:windowsSysNativeWMVDECOD.DLL
[2013/08/13 21:27:40 | 001,620,992 | —- | C] (Microsoft Corporation) — C:windowsSysWow64WMVDECOD.DLL
[2013/08/13 21:27:39 | 001,217,024 | —- | C] (Microsoft Corporation) — C:windowsSysNativerpcrt4.dll
[2013/08/13 21:27:34 | 003,913,664 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntoskrnl.exe
[2013/08/13 21:27:32 | 003,968,960 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntkrnlpa.exe
[2013/08/13 21:27:31 | 005,550,528 | —- | C] (Microsoft Corporation) — C:windowsSysNativentoskrnl.exe
[2013/08/13 21:27:31 | 001,732,032 | —- | C] (Microsoft Corporation) — C:windowsSysNativentdll.dll
[2013/08/13 21:27:30 | 000,243,712 | —- | C] (Microsoft Corporation) — C:windowsSysNativewow64.dll
[2013/08/13 21:27:29 | 000,014,336 | —- | C] (Microsoft Corporation) — C:windowsSysWow64ntvdm64.dll
[2013/08/13 21:27:28 | 000,025,600 | —- | C] (Microsoft Corporation) — C:windowsSysWow64setup16.exe
[2013/08/13 21:27:28 | 000,005,120 | —- | C] (Microsoft Corporation) — C:windowsSysWow64wow32.dll
[2013/08/13 21:27:27 | 000,007,680 | —- | C] (Microsoft Corporation) — C:windowsSysWow64instnm.exe
[2013/08/13 21:27:27 | 000,002,048 | —- | C] (Microsoft Corporation) — C:windowsSysWow64user.exe
[1 C:windows*.tmp files -> C:windows*.tmp -> ]

========== Files – Modified Within 30 Days ==========

[2013/09/10 23:59:56 | 001,566,088 | —- | M] () — C:windowsSysNativePerfStringBackup.INI
[2013/09/10 23:59:56 | 000,712,096 | —- | M] () — C:windowsSysNativeperfh00C.dat
[2013/09/10 23:59:56 | 000,622,464 | —- | M] () — C:windowsSysNativeperfh009.dat
[2013/09/10 23:59:56 | 000,133,806 | —- | M] () — C:windowsSysNativeperfc00C.dat
[2013/09/10 23:59:56 | 000,109,310 | —- | M] () — C:windowsSysNativeperfc009.dat
[2013/09/10 23:52:00 | 000,001,082 | —- | M] () — C:windowstasksGoogleUpdateTaskMachineUA.job
[2013/09/10 23:14:00 | 000,000,830 | —- | M] () — C:windowstasksAdobe Flash Player Updater.job
[2013/09/10 22:59:02 | 000,000,964 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job
[2013/09/10 22:46:00 | 000,000,924 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
[2013/09/10 21:58:11 | 000,067,584 | –S- | M] () — C:windowsbootstat.dat
[2013/09/10 19:59:01 | 000,000,942 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
[2013/09/10 19:46:00 | 000,000,902 | —- | M] () — C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
[2013/09/09 14:31:56 | 000,602,112 | —- | M] (OldTimer Tools) — C:UsersAdministrateurDesktopOTL.exe
[2013/09/09 14:11:32 | 000,001,078 | —- | M] () — C:windowstasksGoogleUpdateTaskMachineCore.job
[2013/09/09 01:50:14 | 000,038,784 | -H– | M] () — C:windowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 01:50:14 | 000,038,784 | -H– | M] () — C:windowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/09 01:42:11 | 623,069,829 | —- | M] () — C:windowsMEMORY.DMP
[2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () — C:hiberfil.sys
[2013/09/02 17:55:08 | 000,000,512 | —- | M] () — C:PhysicalDisk0_MBR.bin
[2013/08/30 04:22:17 | 000,178,448 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriverskneps.sys
[2013/08/30 04:22:17 | 000,054,368 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriverskltdi.sys
[2013/08/30 04:22:17 | 000,029,528 | —- | M] (Kaspersky Lab) — C:windowsSysNativedriversklmouflt.sys
[2013/08/30 04:22:16 | 000,620,128 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklif.sys
[2013/08/30 04:22:16 | 000,029,016 | —- | M] (Kaspersky Lab) — C:windowsSysNativedriversklkbdflt.sys
[2013/08/30 04:22:15 | 000,090,208 | —- | M] (Kaspersky Lab ZAO) — C:windowsSysNativedriversklflt.sys
[2013/08/28 18:42:38 | 000,230,495 | —- | M] () — C:ProgramData1377711683.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | —- | M] () — C:ProgramData1377657701.bdinstall.bin
[2013/08/28 03:46:20 | 000,000,385 | —- | M] () — C:windowsSysNativeuser_gensett.xml
[2013/08/28 03:45:37 | 000,000,000 | -H– | M] () — C:windowsSysNativedriversMsft_Kernel_avchv_01009.Wdf
[2013/08/28 03:40:23 | 000,370,476 | —- | M] () — C:ProgramData1377653102.bdinstall.bin
[1 C:windows*.tmp files -> C:windows*.tmp -> ]

========== Files Created – No Company Name ==========

[2013/08/31 04:31:50 | 000,000,512 | —- | C] () — C:PhysicalDisk0_MBR.bin
[2013/08/28 18:42:38 | 000,230,495 | —- | C] () — C:ProgramData1377711683.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | —- | C] () — C:ProgramData1377657701.bdinstall.bin
[2013/08/28 03:46:20 | 000,000,385 | —- | C] () — C:windowsSysNativeuser_gensett.xml
[2013/08/28 03:45:37 | 000,000,000 | -H– | C] () — C:windowsSysNativedriversMsft_Kernel_avchv_01009.Wdf
[2013/08/28 03:40:23 | 000,370,476 | —- | C] () — C:ProgramData1377653102.bdinstall.bin
[2013/07/27 10:22:55 | 000,000,708 | —- | C] () — C:UsersAdministrateurBibliothèques – Raccourci.lnk
[2013/03/20 16:29:00 | 001,590,564 | —- | C] () — C:windowsSysWow64PerfStringBackup.INI
[2013/03/12 18:52:42 | 000,000,382 | —- | C] () — C:windowsODBC.INI
[2013/01/06 22:55:35 | 000,000,293 | —- | C] () — C:windowsgame.ini
[2012/11/30 18:23:17 | 000,000,000 | —- | C] () — C:windowsToDisc.INI
[2012/04/07 17:14:14 | 000,128,312 | —- | C] () — C:windowsSysWow64GFNEX.dll
[2012/04/07 17:12:39 | 000,028,528 | —- | C] () — C:windowsrlt8723a_chip_bt40_fw_asic_rom_patch.dll
[2012/04/07 17:09:55 | 000,451,072 | —- | C] () — C:windowsSysWow64ISSRemoveSP.exe
[2012/04/07 17:03:23 | 000,000,000 | —- | C] () — C:windowsativpsrm.bin
[2012/04/07 17:00:51 | 000,204,960 | —- | C] () — C:windowsSysWow64ativvsvl.dat
[2012/04/07 17:00:51 | 000,157,152 | —- | C] () — C:windowsSysWow64ativvsva.dat
[2012/04/07 17:00:51 | 000,003,917 | —- | C] () — C:windowsSysWow64atipblag.dat
[2012/01/20 12:49:58 | 000,059,904 | —- | C] () — C:windowsSysWow64OpenVideo.dll
[2012/01/20 12:49:48 | 000,054,784 | —- | C] () — C:windowsSysWow64OVDecode.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () — C:windowsassemblyDesktop.ini

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64
“” = C:WindowsSysNativeshell32.dll — [2013/02/27 06:52:56 | 014,172,672 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
“” = %SystemRoot%system32shell32.dll — [2013/02/27 05:55:05 | 012,872,704 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64
“” = C:WindowsSysNativewbemfastprox.dll — [2009/07/14 02:40:51 | 000,909,312 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
“” = %systemroot%system32wbemfastprox.dll — [2010/11/21 04:24:25 | 000,606,208 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64
“” = C:WindowsSysNativewbemwbemess.dll — [2009/07/14 02:41:56 | 000,505,856 | —- | M] (Microsoft Corporation)
“ThreadingModel” = Both

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

========== LOP Check ==========

[2013/09/10 21:58:36 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingInternetEverywhere
[2013/05/17 12:52:12 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingNotepad++
[2013/05/19 20:13:30 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingPowerISO
[2013/08/28 02:32:01 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingQuickScan
[2013/08/29 22:02:10 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingRadiocom
[2013/07/24 07:37:14 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingTheta
[2013/06/03 14:08:48 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingToshiba
[2013/07/04 04:51:53 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingUnity
[2013/07/20 12:30:21 | 000,000,000 | —D | M] — C:UsersAdministrateurAppDataRoamingWildTangent
[2013/01/01 15:25:14 | 000,000,000 | —D | M] — C:UsersInvitéAppDataRoamingInternetEverywhere
[2012/12/15 17:40:50 | 000,000,000 | —D | M] — C:UsersInvitéAppDataRoamingToshiba

========== Purity Check ==========

========== Custom Scans ==========

[2011/12/28 04:59:24 | 000,498,688 | —- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 — C:windowsSysNativedriversafd.sys
[2011/12/28 04:59:24 | 000,498,688 | —- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5afd.sys
[2011/12/28 05:01:36 | 000,498,176 | —- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345afd.sys
[2010/11/21 04:24:08 | 000,499,712 | —- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991afd.sys
[2011/04/25 03:34:03 | 000,499,200 | —- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170afd.sys
[2011/04/25 04:09:35 | 000,499,200 | —- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 — C:Windowswinsxsamd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4afd.sys

[2011/02/26 06:19:21 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 — C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652dexplorer.exe
[2011/02/25 07:19:30 | 002,871,808 | —- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 — C:Windowsexplorer.exe
[2011/02/25 07:19:30 | 002,871,808 | —- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 — C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0baexplorer.exe
[2011/02/26 07:14:34 | 002,871,808 | —- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 — C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 — C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafbexplorer.exe
[2011/02/25 06:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E — C:WindowsSysWOW64explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E — C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | —- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 — C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900explorer.exe

[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:windowsSysNativedriversi8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:windowsSysNativeDriverStoreFileRepositorykeyboard.inf_amd64_neutral_0684fdc43059f486i8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:windowsSysNativeDriverStoreFileRepositorymsmouse.inf_amd64_neutral_7a5f47d3150cc0ebi8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:Windowswinsxsamd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bfi8042prt.sys
[2009/07/14 00:19:57 | 000,105,472 | —- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 — C:Windowswinsxsamd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9i8042prt.sys

[2009/07/14 02:39:16 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277lsass.exe
[2011/11/17 07:20:34 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3flsass.exe
[2012/06/04 08:51:10 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279clsass.exe
[2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 — C:windowsSysNativelsass.exe
[2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20dlsass.exe
[2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 — C:Windowswinsxsamd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5elsass.exe

[2010/11/21 04:23:51 | 000,261,632 | —- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 — C:windowsSysNativedriversnetbt.sys
[2010/11/21 04:23:51 | 000,261,632 | —- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 — C:Windowswinsxsamd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6netbt.sys

[2009/07/14 02:14:41 | 000,020,992 | —- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe
[2011/03/01 09:10:51 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED — C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391svchost.exe
[2011/03/01 09:07:49 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 — C:windowsSysNativesvchost.exe
[2011/03/01 09:07:49 | 000,027,648 | —- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 — C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937svchost.exe
[2011/03/01 09:07:49 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25bsvchost.exe
[2013/04/04 14:50:32 | 000,218,184 | —- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC — C:Program Files (x86)Malwarebytes’ Anti-MalwareChameleonsvchost.exe
[2009/07/14 02:39:46 | 000,027,136 | —- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D — C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48csvchost.exe
[2011/03/01 09:05:31 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 — C:WindowsSysWOW64svchost.exe
[2011/03/01 09:05:31 | 000,021,504 | —- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 — C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801svchost.exe

[2012/10/03 18:56:54 | 001,914,248 | —- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88tcpip.sys
[2011/09/29 18:41:37 | 001,912,176 | —- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69ctcpip.sys
[2013/05/08 07:14:42 | 001,900,392 | —- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0tcpip.sys
[2010/11/21 04:24:08 | 001,924,480 | —- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37tcpip.sys
[2012/08/22 19:06:13 | 001,901,936 | —- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145tcpip.sys
[2012/03/30 11:26:36 | 001,901,424 | —- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23atcpip.sys
[2011/04/25 06:33:51 | 001,923,968 | —- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316tcpip.sys
[2013/05/08 07:39:01 | 001,910,632 | —- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96btcpip.sys
[2012/03/30 12:35:47 | 001,918,320 | —- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740dtcpip.sys
[2013/07/06 06:20:38 | 001,900,992 | —- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2ftcpip.sys
[2013/01/03 07:00:54 | 001,913,192 | —- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143atcpip.sys
[2011/04/25 07:16:34 | 001,927,552 | —- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357atcpip.sys
[2013/01/04 06:47:43 | 001,901,416 | —- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8tcpip.sys
[2011/03/19 08:45:16 | 001,927,552 | —- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9dtcpip.sys
[2012/10/03 18:44:29 | 001,902,472 | —- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0tcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | —- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 — C:windowsSysNativedriverstcpip.sys
[2013/07/06 07:03:53 | 001,910,208 | —- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81btcpip.sys
[2011/03/19 08:39:54 | 001,924,480 | —- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20tcpip.sys
[2012/08/22 19:12:50 | 001,913,200 | —- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668tcpip.sys
[2011/09/29 17:29:28 | 001,923,952 | —- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 — C:Windowswinsxsamd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3ebtcpip.sys

[2010/11/21 04:23:55 | 000,026,624 | —- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 — C:WindowsSysWOW64userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | —- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 — C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | —- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 — C:windowsSysNativeuserinit.exe
[2010/11/21 04:24:28 | 000,030,720 | —- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 — C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824cuserinit.exe

[2010/11/21 04:23:47 | 000,295,808 | —- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 — C:windowsSysNativeDriverStoreFileRepositoryvolume.inf_amd64_neutral_df8bea40ac96ca21volsnap.sys
[2010/11/21 04:23:47 | 000,295,808 | —- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 — C:Windowswinsxsamd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850evolsnap.sys
[2011/02/25 07:28:30 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 — C:Windowswinsxsamd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B — C:windowsSysNativedriversvolsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B — C:windowsSysNativeDriverStoreFileRepositoryvolume.inf_amd64_neutral_e7c4cd5b40e03494volsnap.sys
[2011/02/25 07:25:38 | 000,296,320 | —- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B — C:Windowswinsxsamd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8volsnap.sys

[2009/07/14 02:39:52 | 000,129,024 | —- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA — C:windowsSysNativewininit.exe
[2009/07/14 02:39:52 | 000,129,024 | —- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA — C:Windowswinsxsamd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | —- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 — C:WindowsSysWOW64wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | —- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 — C:Windowswinsxsx86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13wininit.exe

[2010/11/21 04:24:29 | 000,390,656 | —- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 — C:windowsSysNativewinlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | —- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 — C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | —- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC — C:Program Files (x86)Malwarebytes’ Anti-MalwareChameleonwinlogon.exe

[2013/07/20 12:30:29 | 001,012,600 | —- | M] (WildTangent) — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-toshiba.exe
[2013/07/20 12:30:03 | 001,012,592 | —- | M] (WildTangent) — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-wildgames.exe
[2013/07/20 12:29:51 | 000,000,179 | —- | M] () — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-wildgames.exe_filedata
[2013/07/20 12:30:23 | 000,000,177 | —- | M] () — C:UsersAdministrateurAppDataRoamingWildTangentWildTangent GamesAppDPConfigInstallTouchpoints-toshiba.exe_filedata

[2013/08/28 03:40:23 | 000,370,476 | —- | M] () — C:ProgramData1377653102.bdinstall.bin
[2013/08/28 03:46:34 | 000,354,473 | —- | M] () — C:ProgramData1377657701.bdinstall.bin
[2013/08/28 18:42:38 | 000,230,495 | —- | M] () — C:ProgramData1377711683.bdinstall.bin
[2013/08/28 02:22:25 | 000,262,144 | —- | M] () — C:ProgramDatantuser.dat
[2013/08/28 02:22:37 | 000,005,120 | -HS- | M] () — C:ProgramDatantuser.dat.LOG1
[2013/08/28 02:22:25 | 000,000,000 | -HS- | M] () — C:ProgramDatantuser.dat.LOG2
[2013/08/28 02:22:26 | 000,065,536 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
[2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 02:22:26 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f38-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms
[2013/08/28 02:22:36 | 000,065,536 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TM.blf
[2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/28 02:22:36 | 000,524,288 | -HS- | M] () — C:ProgramDatantuser.dat{c2a52f4d-0f23-11e3-9eb3-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms

[2013/08/28 18:41:46 | 000,002,691 | —- | M] () — C:bdlog.txt
[2010/11/21 04:23:51 | 000,383,786 | RHS- | M] () — C:bootmgr
[2012/03/15 20:26:49 | 000,008,192 | —- | M] () — C:BOOTSECT.BAK
[2013/09/09 01:42:10 | 505,257,983 | -HS- | M] () — C:hiberfil.sys
[2013/09/09 01:42:11 | 2105,335,807 | -HS- | M] () — C:pagefile.sys
[2013/09/02 17:55:08 | 000,000,512 | —- | M] () — C:PhysicalDisk0_MBR.bin
[2013/08/26 22:33:21 | 000,012,060 | —- | M] () — C:UsbFix [Clean 3] USER-TOSH.txt
[2013/08/26 22:35:03 | 000,002,944 | —- | M] () — C:UsbFix [Listing 1 ] USER-TOSH.txt
[2013/09/05 00:42:38 | 000,004,534 | —- | M] () — C:UsbFix [Listing 2 ] USER-TOSH.txt
[2013/08/25 23:35:12 | 000,010,964 | —- | M] () — C:UsbFix [Scan 1] USER-TOSH.txt
[2013/08/26 22:21:47 | 000,010,191 | —- | M] () — C:UsbFix [Scan 2] USER-TOSH.txt
[2013/08/28 01:36:31 | 000,010,853 | —- | M] () — C:UsbFix [Scan 5] USER-TOSH.txt
[2013/08/30 02:24:24 | 000,009,829 | —- | M] () — C:UsbFix [Scan 6] USER-TOSH.txt

[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () — C:Program Files (x86)desktop.ini

[2012/11/07 09:27:01 | 000,002,446 | —- | M] () — C:Program Files (x86)Internet Explorerdebug.log
[2013/06/23 03:11:56 | 000,024,576 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerExtExport.exe
[2013/06/23 03:11:56 | 000,002,843 | —- | M] () — C:Program Files (x86)Internet Explorerie9props.propdesc
[2013/06/23 03:11:56 | 000,697,344 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Exploreriedvtool.dll
[2013/06/23 03:11:56 | 000,467,456 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerieinstal.exe
[2013/06/23 03:11:56 | 000,222,208 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerielowutil.exe
[2013/07/26 04:11:59 | 000,257,536 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerieproxy.dll
[2013/07/26 04:12:00 | 000,236,032 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerIEShims.dll
[2013/07/26 04:49:06 | 000,770,648 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Exploreriexplore.exe
[2013/06/23 03:11:56 | 000,440,320 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsdbgui.dll
[2013/07/26 04:12:04 | 000,108,032 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsdebuggeride.dll
[2013/06/23 03:11:56 | 000,052,224 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet ExplorerJSProfilerCore.dll
[2013/06/23 03:11:56 | 000,147,456 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerjsprofilerui.dll
[2013/06/23 03:11:56 | 000,285,080 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorermsdbg2.dll
[2013/06/23 03:11:56 | 000,294,400 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorernetworkinspection.dll
[2013/06/23 03:11:56 | 000,392,080 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerpdm.dll
[2013/06/23 03:11:56 | 000,070,568 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorerpdmproxy100.dll
[2013/07/26 04:13:06 | 000,218,112 | —- | M] (Microsoft Corporation) — C:Program Files (x86)Internet Explorersqmapi.dll

[2013/07/27 10:22:55 | 000,000,708 | —- | M] () — C:UsersAdministrateurBibliothèques – Raccourci.lnk
[2013/09/11 00:08:45 | 003,670,016 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT
[2013/09/11 00:08:45 | 000,262,144 | -HS- | M] () — C:UsersAdministrateurntuser.dat.LOG1
[2013/05/15 21:41:56 | 000,000,000 | -HS- | M] () — C:UsersAdministrateurntuser.dat.LOG2
[2013/05/15 21:59:41 | 000,065,536 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013/05/15 21:59:41 | 000,524,288 | -HS- | M] () — C:UsersAdministrateurNTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/05/15 21:41:56 | 000,000,020 | -HS- | M] () — C:UsersAdministrateurntuser.ini

[2013/08/27 01:23:47 | 000,262,144 | —- | M] () — C:windowssystem32configsystemprofileNtUser.dat
[2013/08/27 01:23:47 | 000,005,120 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat.LOG1
[2013/08/27 01:23:47 | 000,000,000 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat.LOG2
[2013/08/27 01:23:47 | 000,065,536 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TM.blf
[2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000001.regtrans-ms
[2013/08/27 01:23:47 | 000,524,288 | -HS- | M] () — C:windowssystem32configsystemprofileNtUser.dat{419fcbad-0ea9-11e3-8a4f-24ec99122cd8}.TMContainer00000000000000000002.regtrans-ms

[1 C:windows*.tmp files -> C:windows*.tmp -> ]

[2013/06/23 03:02:47 | 000,010,752 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,584 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/06/23 03:02:47 | 000,002,560 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/06/23 03:02:47 | 000,005,632 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,072 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,009,728 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/06/23 03:02:47 | 000,005,632 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/06/23 03:02:47 | 000,004,096 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-user32-l1-1-0.dll
[2013/06/23 03:02:47 | 000,003,072 | -H– | M] (Microsoft Corporation) — C:windowssystem32api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/09 05:46:31 | 001,166,848 | —- | M] (Microsoft Corporation) — C:windowssystem32crypt32.dll
[2013/07/09 05:46:31 | 000,103,936 | —- | M] (Microsoft Corporation) — C:windowssystem32cryptnet.dll
[2013/07/09 05:46:31 | 000,140,288 | —- | M] (Microsoft Corporation) — C:windowssystem32cryptsvc.dll
[2013/06/23 03:02:47 | 003,419,136 | —- | M] (Microsoft Corporation) — C:windowssystem32d2d1.dll
[2013/06/23 03:02:47 | 001,080,832 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10.dll
[2013/06/23 03:02:47 | 000,220,160 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10core.dll
[2013/06/23 03:02:47 | 000,604,160 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10level9.dll
[2013/06/23 03:02:47 | 001,988,096 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10warp.dll
[2013/06/23 03:02:47 | 000,161,792 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10_1.dll
[2013/06/23 03:02:47 | 000,249,856 | —- | M] (Microsoft Corporation) — C:windowssystem32d3d10_1core.dll
[2013/06/23 03:02:47 | 000,293,376 | —- | M] (Microsoft Corporation) — C:windowssystem32dxgi.dll
[2013/06/23 03:11:56 | 000,357,888 | —- | M] (Microsoft Corporation) — C:windowssystem32dxtmsft.dll
[2013/06/23 03:11:56 | 000,226,816 | —- | M] (Microsoft Corporation) — C:windowssystem32dxtrans.dll
[2013/06/23 03:11:56 | 000,185,344 | —- | M] (Microsoft Corporation) — C:windowssystem32elshyph.dll
[2013/06/23 03:11:56 | 000,069,120 | —- | M] (Microsoft Corporation) — C:windowssystem32icardie.dll
[2013/06/23 03:11:56 | 000,110,592 | —- | M] (Microsoft Corporation) — C:windowssystem32IEAdvpack.dll
[2013/06/23 03:11:56 | 000,629,248 | —- | M] (Microsoft Corporation) — C:windowssystem32ieapfltr.dll
[2013/06/23 03:11:56 | 000,242,200 | —- | M] (Microsoft Corporation) — C:windowssystem32iedkcs32.dll
[2013/07/26 04:11:59 | 013,761,024 | —- | M] (Microsoft Corporation) — C:windowssystem32ieframe.dll
[2013/06/23 03:11:56 | 000,117,248 | —- | M] (Microsoft Corporation) — C:windowssystem32iepeers.dll
[2013/07/26 04:11:59 | 000,033,280 | —- | M] (Microsoft Corporation) — C:windowssystem32iernonce.dll
[2013/07/26 04:12:00 | 002,048,512 | —- | M] (Microsoft Corporation) — C:windowssystem32iertutil.dll
[2013/07/26 04:12:00 | 000,061,440 | —- | M] (Microsoft Corporation) — C:windowssystem32iesetup.dll
[2013/07/26 04:12:00 | 000,109,056 | —- | M] (Microsoft Corporation) — C:windowssystem32iesysprep.dll
[2013/07/26 04:12:00 | 000,391,168 | —- | M] (Microsoft Corporation) — C:windowssystem32ieui.dll
[2013/06/23 03:11:56 | 000,038,400 | —- | M] (Microsoft Corporation) — C:windowssystem32imgutil.dll
[2013/06/23 03:11:56 | 000,082,432 | —- | M] (Microsoft Corporation) — C:windowssystem32inseng.dll
[2013/07/26 04:12:04 | 000,690,688 | —- | M] (Microsoft Corporation) — C:windowssystem32jscript.dll
[2013/07/26 04:12:04 | 002,877,440 | —- | M] (Microsoft Corporation) — C:windowssystem32jscript9.dll
[2013/07/26 04:12:05 | 000,039,936 | —- | M] (Microsoft Corporation) — C:windowssystem32jsproxy.dll
[2013/06/23 03:11:56 | 000,023,040 | —- | M] (Microsoft Corporation) — C:windowssystem32licmgr10.dll
[2013/07/26 04:12:22 | 000,493,056 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeeds.dll
[2013/06/23 03:11:56 | 000,041,984 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeedsbs.dll
[2013/07/26 04:12:23 | 014,329,344 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtml.dll
[2013/06/23 03:11:56 | 000,079,872 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmled.dll
[2013/06/23 03:11:56 | 000,048,640 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmler.dll
[2013/06/23 03:11:56 | 000,719,360 | —- | M] (Microsoft Corporation) — C:windowssystem32mshtmlmedia.dll
[2013/06/23 03:11:56 | 000,158,720 | —- | M] (Microsoft Corporation) — C:windowssystem32msls31.dll
[2013/06/23 03:02:47 | 002,284,544 | —- | M] (Microsoft Corporation) — C:windowssystem32msmpeg2vdec.dll
[2013/06/23 03:11:56 | 000,163,840 | —- | M] (Microsoft Corporation) — C:windowssystem32msrating.dll
[2013/07/09 05:53:47 | 001,292,192 | —- | M] (Microsoft Corporation) — C:windowssystem32ntdll.dll
[2013/07/09 03:49:39 | 000,014,336 | —- | M] (Microsoft Corporation) — C:windowssystem32ntvdm64.dll
[2013/06/23 03:11:56 | 000,125,440 | —- | M] (Microsoft Corporation) — C:windowssystem32occache.dll
[2013/06/23 03:11:56 | 000,057,344 | —- | M] (Microsoft Corporation) — C:windowssystem32pngfilt.dll
[2013/07/09 05:52:33 | 000,663,552 | —- | M] (Microsoft Corporation) — C:windowssystem32rpcrt4.dll
[2013/07/19 02:41:01 | 000,002,048 | —- | M] (Microsoft Corporation) — C:windowssystem32tzres.dll
[2013/06/23 03:02:46 | 000,187,392 | —- | M] (Microsoft Corporation) — C:windowssystem32UIAnimation.dll
[2013/06/23 03:11:56 | 000,232,960 | —- | M] (Microsoft Corporation) — C:windowssystem32url.dll
[2013/07/26 04:13:14 | 001,141,248 | —- | M] (Microsoft Corporation) — C:windowssystem32urlmon.dll
[2013/06/23 03:11:56 | 000,523,264 | —- | M] (Microsoft Corporation) — C:windowssystem32vbscript.dll
[2013/06/23 03:11:56 | 000,204,800 | —- | M] (Microsoft Corporation) — C:windowssystem32webcheck.dll
[2013/06/23 03:02:47 | 000,207,872 | —- | M] (Microsoft Corporation) — C:windowssystem32WindowsCodecsExt.dll
[2013/07/26 04:13:24 | 001,767,936 | —- | M] (Microsoft Corporation) — C:windowssystem32wininet.dll
[2013/07/09 05:52:10 | 000,175,104 | —- | M] (Microsoft Corporation) — C:windowssystem32wintrust.dll
[2013/06/23 03:02:47 | 000,417,792 | —- | M] (Microsoft Corporation) — C:windowssystem32WMPhoto.dll
[2013/07/25 09:57:27 | 001,620,992 | —- | M] (Microsoft Corporation) — C:windowssystem32WMVDECOD.DLL
[2013/07/09 05:52:33 | 000,005,120 | —- | M] (Microsoft Corporation) — C:windowssystem32wow32.dll
[2013/06/23 03:02:47 | 000,364,544 | —- | M] (Microsoft Corporation) — C:windowssystem32XpsGdiConverter.dll
[2013/06/23 03:02:47 | 001,158,144 | —- | M] (Microsoft Corporation) — C:windowssystem32XpsPrint.dll

[2013/06/13 01:17:56 | 000,692,104 | —- | M] (Adobe Systems Incorporated) — C:windowssystem32FlashPlayerApp.exe
[2013/06/23 03:11:56 | 000,137,216 | —- | M] (Microsoft Corporation) — C:windowssystem32ieUnatt.exe
[2013/06/23 03:11:56 | 000,150,528 | —- | M] (Microsoft Corporation) — C:windowssystem32iexpress.exe
[2013/07/09 03:49:41 | 000,007,680 | —- | M] (Microsoft Corporation) — C:windowssystem32instnm.exe
[2013/06/23 03:11:56 | 000,011,776 | —- | M] (Microsoft Corporation) — C:windowssystem32msfeedssync.exe
[2013/06/23 03:11:56 | 000,012,800 | —- | M] (Microsoft Corporation) — C:windowssystem32mshta.exe
[2013/07/09 06:03:34 | 003,968,960 | —- | M] (Microsoft Corporation) — C:windowssystem32ntkrnlpa.exe
[2013/07/09 06:03:34 | 003,913,664 | —- | M] (Microsoft Corporation) — C:windowssystem32ntoskrnl.exe
[2013/07/26 02:59:38 | 000,071,680 | —- | M] (Microsoft Corporation) — C:windowssystem32RegisterIEPKEYs.exe
[2013/06/23 03:11:56 | 000,073,728 | —- | M] (Microsoft Corporation) — C:windowssystem32SetIEInstalledDate.exe
[2013/07/09 03:49:42 | 000,025,600 | —- | M] (Microsoft Corporation) — C:windowssystem32setup16.exe
[2013/07/09 03:49:38 | 000,002,048 | —- | M] (Microsoft Corporation) — C:windowssystem32user.exe
[2013/06/23 03:11:56 | 000,138,752 | —- | M] (Microsoft Corporation) — C:windowssystem32wextract.exe

[2010/11/21 04:25:07 | 000,238,080 | —- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 — C:windowsassemblyGAC_32BDATunePIA6.1.0.0__31bf3856ad364e35BDATunePIA.dll
[2010/11/21 04:24:01 | 000,069,120 | —- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 — C:windowsassemblyGAC_32CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll
[2009/07/14 02:22:13 | 000,139,264 | —- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 — C:windowsassemblyGAC_32ehexthost326.1.0.0__31bf3856ad364e35ehexthost32.exe
[2009/07/13 22:04:37 | 000,002,274 | —- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 — C:windowsassemblyGAC_32ehexthost326.1.0.0__31bf3856ad364e35ehexthost32.exe.config
[2010/11/21 04:24:26 | 000,072,192 | —- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 — C:windowsassemblyGAC_32ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll
[2010/11/21 04:25:07 | 000,134,656 | —- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE — C:windowsassemblyGAC_32mcstoredb6.1.0.0__31bf3856ad364e35mcstoredb.dll
[2009/07/14 02:24:14 | 000,507,904 | —- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C — C:windowsassemblyGAC_32Microsoft.Ink6.1.0.0__31bf3856ad364e35Microsoft.Ink.dll
[2009/07/14 02:24:28 | 000,077,824 | —- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 — C:windowsassemblyGAC_32Microsoft.Interop.Security.AzRoles2.0.0.0__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.dll
[2012/12/14 09:10:13 | 000,117,160 | —- | M] () MD5=569124F95660007F8C470D00A96CBD7D — C:windowsassemblyGAC_32Microsoft.Office.InfoPath.Client.Internal.Host.Interop12.0.0.0__71e9bce111e9429cMicrosoft.Office.Infopath.Client.Internal.Host.Interop.dll
[2010/11/21 04:25:11 | 000,163,840 | —- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 — C:windowsassemblyGAC_32Microsoft.Transactions.Bridge.Dtc3.0.0.0__b03f5f7f11d50a3aMicrosoft.Transactions.Bridge.Dtc.dll
[2012/11/10 08:29:16 | 000,367,400 | —- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 — C:windowsassemblyGAC_32Microsoft.VisualStudio.Tools.Applications.InteropAdapter8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009/07/14 02:26:31 | 000,008,192 | —- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 — C:windowsassemblyGAC_32Microsoft.Windows.Diagnosis.SDEngine6.1.0.0__31bf3856ad364e35Microsoft.Windows.Diagnosis.SDEngine.dll
[2009/06/10 22:14:52 | 000,087,888 | —- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B — C:windowsassemblyGAC_32MSBuild3.5.0.0__b03f5f7f11d50a3aMSBuild.exe
[2009/06/10 22:14:53 | 000,001,581 | —- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 — C:windowsassemblyGAC_32MSBuild3.5.0.0__b03f5f7f11d50a3amsbuild.exe.config
[2012/11/10 08:29:07 | 001,662,976 | —- | M] () MD5=2148068617A9D2B5E08520CAD7014E64 — C:windowsassemblyGAC_32mscorcfg2.0.0.0__b03f5f7f11d50a3amscorcfg.dll
[2009/06/10 22:22:47 | 000,066,728 | —- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089big5.nlp
[2009/06/10 22:22:47 | 000,082,172 | —- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089bopomofo.nlp
[2009/06/10 22:22:58 | 000,116,756 | —- | M] () MD5=F6DFDA5A31162D848634504565F6D321 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089ksc.nlp
[2013/04/23 23:57:26 | 004,554,752 | —- | M] () MD5=F90B255442B7DF136ABE99D15036ACAB — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll
[2009/06/10 22:23:13 | 000,059,342 | —- | M] () MD5=DA5748A89E22A3932387E65694B25BBB — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normidna.nlp
[2009/06/10 22:23:13 | 000,045,794 | —- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfc.nlp
[2009/06/10 22:23:13 | 000,039,284 | —- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfd.nlp
[2009/06/10 22:23:13 | 000,066,384 | —- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfkc.nlp
[2009/06/10 22:23:13 | 000,060,294 | —- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089normnfkd.nlp
[2009/06/10 22:23:14 | 000,083,748 | —- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089prc.nlp
[2009/06/10 22:23:14 | 000,083,748 | —- | M] () MD5=901863C68E6523336CAC602FE9320ABC — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089prcp.nlp
[2009/06/10 22:23:17 | 000,262,148 | —- | M] () MD5=FB59D247F7143C3B9683A547E808A88B — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
[2009/06/10 22:23:17 | 000,020,320 | —- | M] () MD5=FF13BA175F0013D2311827E0D438C60B — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
[2009/06/10 22:23:23 | 000,028,288 | —- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 — C:windowsassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089xjis.nlp
[2010/11/21 04:24:32 | 000,046,080 | —- | M] () MD5=93C4029DABC19166076BE347283AB969 — C:windowsassemblyGAC_32napcrypt6.1.0.0__31bf3856ad364e35NAPCRYPT.DLL
[2010/11/21 04:23:48 | 000,107,008 | —- | M] () MD5=E9CFC1884D1E579E82073103827FA62B — C:windowsassemblyGAC_32naphlpr6.1.0.0__31bf3856ad364e35NAPHLPR.DLL
[2009/07/13 23:04:07 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.0.Microsoft.Ink.config
[2009/07/14 02:25:25 | 000,005,632 | —- | M] () MD5=608232474C33C71F863B0866E5165C1C — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.0.Microsoft.Ink.dll
[2009/06/10 22:32:22 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:26:15 | 000,005,632 | —- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F — C:windowsassemblyGAC_32Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 22:32:22 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_32Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:23:30 | 000,005,632 | —- | M] () MD5=D6C077082EAA747911C212A9EB64A813 — C:windowsassemblyGAC_32Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 23:04:07 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_32Policy.1.7.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.7.Microsoft.Ink.config
[2009/07/14 02:22:54 | 000,005,632 | —- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 — C:windowsassemblyGAC_32Policy.1.7.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.1.7.Microsoft.Ink.dll
[2009/07/13 23:04:08 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_32Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.config
[2009/07/14 02:23:04 | 000,005,632 | —- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC — C:windowsassemblyGAC_32Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.dll
[2013/04/15 23:56:15 | 004,218,880 | —- | M] () MD5=8DFB5078508924FA725C203CE179B10C — C:windowsassemblyGAC_32PresentationCore3.0.0.0__31bf3856ad364e35PresentationCore.dll
[2009/06/10 22:14:51 | 000,000,161 | —- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 — C:windowsassemblyGAC_32PresentationCore3.0.0.0__31bf3856ad364e35PresentationFontCache.exe.config
[2013/04/19 23:55:09 | 001,737,376 | —- | M] () MD5=E0E5BB58A4C43F7DBB83352785F32DEF — C:windowsassemblyGAC_32PresentationCore3.0.0.0__31bf3856ad364e35wpfgfx_v0300.dll
[2010/11/21 04:24:15 | 000,486,400 | —- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 — C:windowsassemblyGAC_32System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll
[2010/11/21 04:24:08 | 002,927,616 | —- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 — C:windowsassemblyGAC_32System.Data2.0.0.0__b77a5c561934e089System.Data.dll
[2010/11/21 04:24:07 | 000,258,048 | —- | M] () MD5=6DB969DF540BC71722848940D180AC08 — C:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll
[2010/11/21 04:24:07 | 000,113,664 | —- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 — C:windowsassemblyGAC_32System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Wrapper.dll
[2013/04/15 23:56:16 | 000,372,736 | —- | M] () MD5=962108F1B42E442AF55588CC14F4794F — C:windowsassemblyGAC_32System.Printing3.0.0.0__31bf3856ad364e35System.Printing.dll
[2009/06/10 22:23:19 | 000,261,632 | —- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 — C:windowsassemblyGAC_32System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll
[2013/04/19 23:55:06 | 005,283,840 | —- | M] () MD5=2D9D6335997928AE65B3DE25609CD9F0 — C:windowsassemblyGAC_32System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll

[2010/11/21 04:24:42 | 000,249,344 | —- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C — C:windowsassemblyGAC_64BDATunePIA6.1.0.0__31bf3856ad364e35BDATunePIA.dll
[2010/11/21 04:23:56 | 000,080,896 | —- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 — C:windowsassemblyGAC_64CustomMarshalers2.0.0.0__b03f5f7f11d50a3aCustomMarshalers.dll
[2010/11/21 04:24:22 | 000,089,600 | —- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 — C:windowsassemblyGAC_64ISymWrapper2.0.0.0__b03f5f7f11d50a3aISymWrapper.dll
[2010/11/21 04:24:42 | 000,139,264 | —- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 — C:windowsassemblyGAC_64mcstoredb6.1.0.0__31bf3856ad364e35mcstoredb.dll
[2010/11/21 04:24:42 | 000,198,656 | —- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 — C:windowsassemblyGAC_64mcupdate6.1.0.0__31bf3856ad364e35mcupdate.exe
[2010/11/21 04:24:42 | 000,133,120 | —- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 — C:windowsassemblyGAC_64Mcx2Dvcs6.1.0.0__31bf3856ad364e35Mcx2Dvcs.dll
[2009/07/14 02:51:37 | 000,507,904 | —- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A — C:windowsassemblyGAC_64Microsoft.Ink6.1.0.0__31bf3856ad364e35Microsoft.Ink.dll
[2009/07/14 02:51:13 | 000,077,824 | —- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 — C:windowsassemblyGAC_64Microsoft.Interop.Security.AzRoles2.0.0.0__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.dll
[2011/08/17 06:28:23 | 000,315,392 | —- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 — C:windowsassemblyGAC_64Microsoft.MediaCenter.Interop6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.Interop.dll
[2010/11/21 04:24:42 | 000,147,968 | —- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 — C:windowsassemblyGAC_64Microsoft.MediaCenter.iTV.Media6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.iTV.Media.dll
[2010/11/21 04:24:42 | 000,056,320 | —- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 — C:windowsassemblyGAC_64Microsoft.MediaCenter.Mheg6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.Mheg.dll
[2010/11/21 04:24:42 | 000,114,688 | —- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 — C:windowsassemblyGAC_64Microsoft.MediaCenter.Playback6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.Playback.dll
[2010/11/21 04:24:42 | 000,327,168 | —- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 — C:windowsassemblyGAC_64Microsoft.MediaCenter.TV.Tuners.Interop6.1.0.0__31bf3856ad364e35Microsoft.MediaCenter.TV.Tuners.Interop.dll
[2010/11/21 04:24:53 | 000,163,840 | —- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E — C:windowsassemblyGAC_64Microsoft.Transactions.Bridge.Dtc3.0.0.0__b03f5f7f11d50a3aMicrosoft.Transactions.Bridge.Dtc.dll
[2012/11/10 08:29:15 | 000,454,440 | —- | M] () MD5=78D01EA9CE232F25ACE9024E12950853 — C:windowsassemblyGAC_64Microsoft.VisualStudio.Tools.Applications.InteropAdapter8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualStudio.Tools.Applications.InteropAdapter.dll
[2009/07/14 02:49:27 | 000,008,192 | —- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA — C:windowsassemblyGAC_64Microsoft.Windows.Diagnosis.SDEngine6.1.0.0__31bf3856ad364e35Microsoft.Windows.Diagnosis.SDEngine.dll
[2010/11/21 04:24:49 | 000,019,968 | —- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 — C:windowsassemblyGAC_64Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop6.1.0.0__31bf3856ad364e35Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
[2010/11/21 04:24:59 | 000,083,792 | —- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D — C:windowsassemblyGAC_64MSBuild3.5.0.0__b03f5f7f11d50a3aMSBuild.exe
[2009/06/10 21:31:02 | 000,001,581 | —- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 — C:windowsassemblyGAC_64MSBuild3.5.0.0__b03f5f7f11d50a3amsbuild.exe.config
[2009/06/10 21:39:44 | 000,066,728 | —- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089big5.nlp
[2009/06/10 21:39:44 | 000,082,172 | —- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089bopomofo.nlp
[2009/06/10 21:39:54 | 000,116,756 | —- | M] () MD5=F6DFDA5A31162D848634504565F6D321 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089ksc.nlp
[2013/04/23 23:56:10 | 004,567,040 | —- | M] () MD5=32B844F1DAA7912FBBB119047303E73F — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089mscorlib.dll
[2009/06/10 21:40:01 | 000,059,342 | —- | M] () MD5=DA5748A89E22A3932387E65694B25BBB — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normidna.nlp
[2009/06/10 21:40:01 | 000,045,794 | —- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfc.nlp
[2009/06/10 21:40:01 | 000,039,284 | —- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfd.nlp
[2009/06/10 21:40:01 | 000,066,384 | —- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfkc.nlp
[2009/06/10 21:40:01 | 000,060,294 | —- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089normnfkd.nlp
[2009/06/10 21:40:01 | 000,083,748 | —- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089prc.nlp
[2009/06/10 21:40:01 | 000,083,748 | —- | M] () MD5=901863C68E6523336CAC602FE9320ABC — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089prcp.nlp
[2009/06/10 21:40:02 | 000,262,148 | —- | M] () MD5=FB59D247F7143C3B9683A547E808A88B — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
[2009/06/10 21:40:02 | 000,020,320 | —- | M] () MD5=FF13BA175F0013D2311827E0D438C60B — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
[2009/06/10 21:40:10 | 000,028,288 | —- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 — C:windowsassemblyGAC_64mscorlib2.0.0.0__b77a5c561934e089xjis.nlp
[2010/11/21 04:24:16 | 000,050,176 | —- | M] () MD5=E0773633E4193B183FB396192581BD86 — C:windowsassemblyGAC_64napcrypt6.1.0.0__31bf3856ad364e35NAPCRYPT.DLL
[2010/11/21 04:24:24 | 000,133,632 | —- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B — C:windowsassemblyGAC_64naphlpr6.1.0.0__31bf3856ad364e35NAPHLPR.DLL
[2009/06/10 21:51:13 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_64Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:52:10 | 000,005,120 | —- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 — C:windowsassemblyGAC_64Policy.1.0.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2009/06/10 21:51:13 | 000,000,494 | —- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 — C:windowsassemblyGAC_64Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2009/07/14 02:50:32 | 000,005,120 | —- | M] () MD5=265830B968EC5512E923C5482A5F5EEB — C:windowsassemblyGAC_64Policy.1.2.Microsoft.Interop.Security.AzRoles6.1.7600.16385__31bf3856ad364e35Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2009/07/13 22:54:48 | 000,000,442 | —- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B — C:windowsassemblyGAC_64Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.config
[2009/07/14 02:50:49 | 000,005,120 | —- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 — C:windowsassemblyGAC_64Policy.6.0.Microsoft.Ink6.1.0.0__31bf3856ad364e35Policy.6.0.Microsoft.Ink.dll
[2013/04/15 23:55:18 | 003,998,208 | —- | M] () MD5=AE098D9D3BD83440C59A0C3386F4F5DD — C:windowsassemblyGAC_64PresentationCore3.0.0.0__31bf3856ad364e35PresentationCore.dll
[2009/06/10 21:30:59 | 000,000,161 | —- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 — C:windowsassemblyGAC_64PresentationCore3.0.0.0__31bf3856ad364e35PresentationFontCache.exe.config
[2013/04/19 23:54:21 | 002,256,032 | —- | M] () MD5=6E656C325A5519A3A9D951709958CF6F — C:windowsassemblyGAC_64PresentationCore3.0.0.0__31bf3856ad364e35wpfgfx_v0300.dll
[2010/11/21 04:24:09 | 000,502,272 | —- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C — C:windowsassemblyGAC_64System.Data.OracleClient2.0.0.0__b77a5c561934e089System.Data.OracleClient.dll
[2010/11/21 04:24:02 | 003,095,552 | —- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B — C:windowsassemblyGAC_64System.Data2.0.0.0__b77a5c561934e089System.Data.dll
[2010/11/21 04:24:01 | 000,245,760 | —- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 — C:windowsassemblyGAC_64System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.dll
[2010/11/21 04:24:01 | 000,133,120 | —- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 — C:windowsassemblyGAC_64System.EnterpriseServices2.0.0.0__b03f5f7f11d50a3aSystem.EnterpriseServices.Wrapper.dll
[2013/04/15 23:55:19 | 000,358,912 | —- | M] () MD5=D5B9510CA085D4E04BEBD2C47CD50925 — C:windowsassemblyGAC_64System.Printing3.0.0.0__31bf3856ad364e35System.Printing.dll
[2009/06/10 21:40:06 | 000,283,136 | —- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C — C:windowsassemblyGAC_64System.Transactions2.0.0.0__b77a5c561934e089System.Transactions.dll
[2013/04/19 23:54:20 | 005,292,032 | —- | M] () MD5=EB0E4FD11A19D25ED65ACE37277BFC7B — C:windowsassemblyGAC_64System.Web2.0.0.0__b03f5f7f11d50a3aSystem.Web.dll

[2013/05/27 15:14:34 | 000,000,000 | -H– | M] () — C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun-1E-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock
[2013/09/01 08:53:59 | 000,118,378 | —- | M] () — C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log

[1 C:windows*.tmp files -> C:windows*.tmp -> ]

“DefaultConnectionSettings” = 46 00 00 00 7D 0B 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC D6 29 E0 A3 68 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 C5 1C 0C 96 00 00 00 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 5E F5 79 FD 3C 55 39 82 3A E3 F3 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
“SavedLegacySettings” = 46 00 00 00 20 07 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 CC D6 29 E0 A3 68 CE 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 C5 1C 0C 96 00 00 00 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C5 1C 0C 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 5E F5 79 FD 3C 55 39 82 3A E3 F3 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes]
“Connexion r�seau” = 46 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [binary data]

Invalid Switch:

[2009/07/14 06:08:49 | 000,000,006 | -H– | C] () — C:windowsTasksSA.DAT
[2009/07/14 06:08:49 | 000,032,496 | —- | C] () — C:windowsTasksSCHEDLGU.TXT
[2012/03/14 21:17:22 | 000,000,830 | —- | C] () — C:windowsTasksAdobe Flash Player Updater.job
[2012/03/14 21:22:55 | 000,001,078 | —- | C] () — C:windowsTasksGoogleUpdateTaskMachineCore.job
[2012/03/14 21:22:57 | 000,001,082 | —- | C] () — C:windowsTasksGoogleUpdateTaskMachineUA.job
[2012/11/30 19:41:37 | 000,000,902 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job
[2012/11/30 19:41:38 | 000,000,924 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job
[2013/06/09 19:54:14 | 000,000,942 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job
[2013/06/09 19:54:15 | 000,000,964 | —- | C] () — C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job

salut , désolé j avais pas de connexion sur mon pc d’apres ce temps la , mon clé orange a été endommagé ,.. bref ;
All processes killed
========== OTL ==========
HKLMSOFTWAREMicrosoftInternet ExplorerMain\Secondary Start Pages| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.
Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@adobe.com/FlashPlayer not found.
Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0 not found.
File C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll () => WildTangent Games not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
File C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) => Toolbar.Google not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{AA58ED58-01DD-4d91-8333-CF10577473F7} not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry value HKEY_USERSS-1-5-19\SoftwareMicrosoftWindowsCurrentVersionRunOnce\mctadmin not found.
Registry value HKEY_USERSS-1-5-20\SoftwareMicrosoftWindowsCurrentVersionRunOnce\mctadmin not found.
Registry key HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExtAdd to Google Photos Screensa&ver not found.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\WebCheck not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad\WebCheck not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.
Folder C:Program FilesBitdefender not found.
Folder C:Program FilesCommon FilesBitdefender not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
File C:windowstasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
File C:windowssystem32configsystemprofileNtUser.dat.LOG1 => Fichiers de rapport (Log) not found.
File C:windowssystem32configsystemprofileNtUser.dat.LOG2 => Fichiers de rapport (Log) not found.
C:windowsServiceProfilesNetworkServiceAppDataLocalTempMpCmdRun.log moved successfully.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000Core.job => Facebook Update Task User not found.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-1000UA.job => Facebook Update Task User not found.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500Core.job => Facebook Update Task User not found.
File C:windowsTasksFacebookUpdateTaskUserS-1-5-21-3799678134-1094475672-2913924675-500UA.job => Facebook Update Task User not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 6884286 bytes
->Temporary Internet Files folder emptied: 1266770 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 619168556 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: USER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32 (64bit) .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8657771 bytes
%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2382041669 bytes

Total Files Cleaned = 2 878,00 mb

[EMPTYFLASH]

User: Administrateur
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Invité

User: Public

User: USER

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer – Version 3.2.69.0 log created on 10092013_234205

FilesFolders moved on Reboot…
C:UsersAdministrateurAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.
C:UsersAdministrateurAppDataLocalMicrosoftWindowsTemporary Internet Filescounters.dat moved successfully.
File move failed. C:windowstempvmware-Systèmevmauthd.log scheduled to be moved on reboot.
C:windowstempvmware-Systèmevmware-usbarb-3280.log moved successfully.
File move failed. C:windowstempTmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

merci :) , non l’ écran bleu je pense qu il n’apparais plus voila les deux rapports :
############################## | UsbFix V 7.144 | [Recherche]

Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 12:57:26 | 10/10/2013

Site Web: http://www.usbfix.net/” onclick=”window.open(this.href);return false;
Forum : https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/” onclick=”window.open(this.href);return false;

PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6104 | Free : 4421]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) – 66%) [] # NTFS
D: -> CD-ROM

################## | Processus Actif |

C:windowssystem32csrss.exe (ID 808 |ParentID 688)
C:windowssystem32wininit.exe (ID 900 |ParentID 688)
C:windowssystem32csrss.exe (ID 932 |ParentID 908)
C:windowssystem32services.exe (ID 972 |ParentID 900)
C:windowssystem32lsass.exe (ID 1008 |ParentID 900)
C:windowssystem32lsm.exe (ID 1016 |ParentID 900)
C:windowssystem32svchost.exe (ID 692 |ParentID 972)
C:windowssystem32svchost.exe (ID 1072 |ParentID 972)
C:windowssystem32atiesrxx.exe (ID 1136 |ParentID 972)
C:windowssystem32winlogon.exe (ID 1176 |ParentID 908)
C:windowsSystem32svchost.exe (ID 1216 |ParentID 972)
C:windowsSystem32svchost.exe (ID 1260 |ParentID 972)
C:windowssystem32svchost.exe (ID 1292 |ParentID 972)
C:windowssystem32svchost.exe (ID 1324 |ParentID 972)
C:windowssystem32svchost.exe (ID 1620 |ParentID 972)
C:windowssystem32atieclxx.exe (ID 1668 |ParentID 1136)
C:windowssystem32svchost.exe (ID 2012 |ParentID 972)
C:WindowsSystem32GFNEXSrv.exe (ID 2040 |ParentID 972)
C:windowsSystem32spoolsv.exe (ID 1652 |ParentID 972)
C:windowssystem32taskeng.exe (ID 804 |ParentID 1324)
C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (ID 2172 |ParentID 972)
C:windowssystem32hasplms.exe (ID 2312 |ParentID 972)
C:ProgramDataDatacardServiceHWDeviceService64.exe (ID 2364 |ParentID 972)
C:Program Files (x86)InternetEverywhereInternetEverywhere_Service.exe (ID 2460 |ParentID 972)
C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe (ID 2480 |ParentID 972)
C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe (ID 2556 |ParentID 972)
C:Program Files (x86)Common FilesMicrosoft SharedVS7DEBUGmdm.exe (ID 2600 |ParentID 972)
C:windowssystem32svchost.exe (ID 2776 |ParentID 972)
C:windowssystem32taskhost.exe (ID 2856 |ParentID 972)
C:windowssystem32Dwm.exe (ID 2936 |ParentID 1260)
C:Program Files (x86)Toshiba TEMPROTemproSvc.exe (ID 2944 |ParentID 972)
C:windowsExplorer.EXE (ID 2124 |ParentID 2916)
C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe (ID 1516 |ParentID 2556)
C:ProgramDataDatacardServiceDCSHelper.exe (ID 2160 |ParentID 2364)
C:windowssystem32TODDSrv.exe (ID 1776 |ParentID 972)
C:Program FilesTOSHIBAPower SaverTosCoSrv.exe (ID 1592 |ParentID 972)
C:windowsSysWOW64vmnat.exe (ID 2684 |ParentID 972)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE (ID 3112 |ParentID 972)
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe (ID 3184 |ParentID 3112)
C:Program FilesTOSHIBATECOTecoService.exe (ID 3208 |ParentID 972)
C:Program Files (x86)VMwareVMware Playervmware-authd.exe (ID 3328 |ParentID 972)
C:windowsSysWOW64vmnetdhcp.exe (ID 3384 |ParentID 972)
C:Program Files (x86)Common FilesVMwareUSBvmware-usbarbitrator64.exe (ID 3404 |ParentID 972)
C:windowssystem32wbemwmiprvse.exe (ID 3484 |ParentID 692)
C:windowssystem32wbemunsecapp.exe (ID 3524 |ParentID 692)
C:windowssystem32svchost.exe (ID 3936 |ParentID 972)
C:windowsservicingTrustedInstaller.exe (ID 4004 |ParentID 972)
C:Program FilesRealtekAudioHDARAVCpl64.exe (ID 3304 |ParentID 2124)
C:Program FilesSRS LabsSRS Control PanelSRSPanel_64.exe (ID 3772 |ParentID 2124)
C:Program FilesSynapticsSynTPSynTPEnh.exe (ID 2188 |ParentID 2124)
C:Program FilesTOSHIBAPower SaverTPwrMain.exe (ID 2148 |ParentID 2124)
C:Program FilesTOSHIBAFlashCardsTCrdMain.exe (ID 4108 |ParentID 2124)
C:Program FilesTOSHIBATECOTeco.exe (ID 4148 |ParentID 2124)
C:Program FilesTOSHIBATosVolRegulatorTosVolRegulator.exe (ID 4288 |ParentID 2124)
C:Program Files (x86)Toshiba TEMPROTemproTray.exe (ID 4344 |ParentID 2124)
C:Program Files (x86)TOSHIBATOSHIBA Online Product InformationTOPI.exe (ID 4452 |ParentID 2124)
C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (ID 4472 |ParentID 2124)
C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe (ID 4528 |ParentID 2124)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtMng.exe (ID 4572 |ParentID 2124)
C:Program Files (x86)InternetEverywhereInternetEverywhere_Launcher.exe (ID 4664 |ParentID 2124)
C:Program FilesTOSHIBATOSHIBA Places Icon UtilityTosDIMonitor.exe (ID 4724 |ParentID 2124)
C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler.exe (ID 4820 |ParentID 4780)
C:Program Files (x86)GoogleUpdate1.3.21.153GoogleCrashHandler64.exe (ID 4832 |ParentID 4780)
C:windowssystem32wbemwmiprvse.exe (ID 4972 |ParentID 692)
C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe (ID 5096 |ParentID 4544)
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticMOM.exe (ID 2164 |ParentID 4064)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtSrv.exe (ID 4828 |ParentID 972)
C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.EXE (ID 5020 |ParentID 4180)
C:windowssystem32SearchIndexer.exe (ID 4440 |ParentID 972)
C:windowssystem32svchost.exe (ID 4356 |ParentID 972)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeSrvUseMng.exe (ID 5484 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeBtMng.exe (ID 5516 |ParentID 692)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosLeSrvProvider.exe (ID 5604 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosA2dp.exe (ID 5632 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtHid.exe (ID 5676 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosBtHsp.exe (ID 5724 |ParentID 4572)
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCCC.exe (ID 5864 |ParentID 2164)
C:Program Files (x86)ToshibaBluetooth Toshiba StackTosAVRC.exe (ID 5908 |ParentID 4572)
C:Program Files (x86)ToshibaBluetooth Toshiba StacktosOBEX.exe (ID 4896 |ParentID 4572)
C:Program Files (x86)TOSHIBABluetooth Toshiba StacktosBtProc.exe (ID 5396 |ParentID 4896)
C:windowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe (ID 7124 |ParentID 972)
C:UsbFixGo.exe (ID 6336 |ParentID 2920)
C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe (ID 6808 |ParentID 972)
C:Program Files (x86)NeroUpdateNASvc.exe (ID 2808 |ParentID 972)
C:windowssystem32sppsvc.exe (ID 6184 |ParentID 972)
C:windowsSystem32svchost.exe (ID 1552 |ParentID 972)
C:Program FilesTOSHIBATPHMTPCHSrv.exe (ID 6768 |ParentID 972)
C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSmartSrv.exe (ID 5012 |ParentID 972)
C:Program FilesTOSHIBATOSHIBA HDD SSD AlertTosSENotify.exe (ID 6888 |ParentID 4228)
C:Program FilesWindows Media Playerwmpnetwk.exe (ID 7372 |ParentID 972)
C:Program FilesTOSHIBATPHMTPCHWMsg.exe (ID 7748 |ParentID 4192)
C:windowssystem32svchost.exe (ID 8120 |ParentID 972)

################## | Regedit Run |

HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWARE | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWAREwow6432Node | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [Facebook Update] – “C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-18SOFTWARE | RunOnce : [osk.exe] – osk.exe
HKUS-1-5-18SOFTWARE | RunOnce : [Application Restart #0] – C:WindowsSystem32osk.exe

################## | Éléments infectieux |

################## | Registre |

Présent! HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr
Présent! HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net” onclick=”window.open(this.href);return false; – https://www.sosvirus.net” onclick=”window.open(this.href);return false; |

############################## | UsbFix V 7.144 | [Suppression]

Utilisateur: Administrateur (Administrateur) # USER-TOSH
Mis à jour le 08/10/2013 par El Desaparecido – Team SosVirus
Lancé à 15:40:31 | 10/10/2013

Site Web: http://www.usbfix.net/” onclick=”window.open(this.href);return false;
Forum : https://www.sosvirus.net/” onclick=”window.open(this.href);return false;
Upload Malware: upload_malware.php
Contact: http://www.usbfix.net/contact/” onclick=”window.open(this.href);return false;

PC: Type2 – Board Vendor Name1 (Type2 – Board Product Name1)
CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
RAM -> [Total : 6104 | Free : 4933]
Bios: Insyde Corp.
Boot: Fail-safe with network boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16686

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [(!) Disabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 450 Go (298 Go libre(s) – 66%) [] # NTFS
D: -> CD-ROM

################## | Regedit Run |

HKLMSOFTWARE | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWARE | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWARE | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWARE | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWARE | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWARE | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWARE | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWAREwow6432Node | Run : [NBAgent] – “C:Program Files (x86)NeroNero 11Nero BackItUpNBAgent.exe” /WinStart
HKLMSOFTWAREwow6432Node | Run : [Adobe ARM] – “C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe”
HKLMSOFTWAREwow6432Node | Run : [StartCCC] – “C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe” MSRun
HKLMSOFTWAREwow6432Node | Run : [TkBellExe] – “C:Program Files (x86)RealRealPlayerupdaterealsched.exe” -osboot
HKLMSOFTWAREwow6432Node | Run : [SwitchBoard] – C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
HKLMSOFTWAREwow6432Node | Run : [AdobeCS6ServiceManager] – “C:Program Files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe” -launchedbylogin
HKLMSOFTWAREwow6432Node | Run : [AVP] – “C:Program Files (x86)Kaspersky LabKaspersky Anti-Virus 2013avp.exe”
HKLMSOFTWARE | RunOnce : [] –
HKLMSOFTWAREwow6432Node | RunOnce : [] –
HKUS-1-5-19SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-19SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-20SOFTWARE | Run : [Sidebar] – %ProgramFiles%Windows SidebarSidebar.exe /autoRun
HKUS-1-5-20SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STAR
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [swg] – “C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe”
HKUS-1-5-21-3799678134-1094475672-2913924675-500SOFTWARE | Run : [Facebook Update] – “C:UsersAdministrateurAppDataLocalFacebookUpdateFacebookUpdate.exe” /c /nocrashserver
HKUS-1-5-18SOFTWARE | Run : [TOPI.EXE] – C:Program Files (x86)TOSHIBATOSHIBA Online Product Informationtopi.exe /STARTUP
HKUS-1-5-18SOFTWARE | RunOnce : [osk.exe] – osk.exe
HKUS-1-5-18SOFTWARE | RunOnce : [Application Restart #0] – C:WindowsSystem32osk.exe

################## | Processus Stoppés |

Stoppé! C:windowssystem32ctfmon.exe (ID 1552 |ParentID 1508)
Stoppé! C:windowssystem32DllHost.exe (ID 1796 |ParentID 812)

################## | Éléments infectieux |

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKUS-1-5-21-3799678134-1094475672-2913924675-500SoftwareMicrosoftWindowsCurrentVersionPoliciesSystem|DisableTaskMgr

################## | Listing |

[19/05/2013 – 00:36:11 | SHD ] C:$Recycle.Bin
[01/09/2013 – 07:32:28 | D ] C:AdwCleaner
[26/08/2013 – 22:34:51 | RASHD ] C:Autorun.inf
[28/08/2013 – 18:41:46 | N | 2691] C:bdlog.txt
[15/03/2012 – 20:26:46 | SHD ] C:Boot
[21/11/2010 – 04:23:51 | RASH | 383786] C:bootmgr
[15/03/2012 – 20:26:49 | N | 8192] C:BOOTSECT.BAK
[11/01/2013 – 14:17:16 | D ] C:c60592a295c769f4d1820b14e0f0d2
[14/07/2009 – 06:08:56 | SHD ] C:Documents and Settings
[19/05/2013 – 15:04:24 | D ] C:EasyPHP
[10/10/2013 – 15:39:51 | ASH | 4800225280] C:hiberfil.sys
[10/11/2012 – 08:25:46 | D ] C:IDE
[07/04/2012 – 16:58:15 | D ] C:Intel
[10/11/2012 – 08:24:40 | RHD ] C:MSOCache
[10/10/2013 – 15:39:51 | ASH | 6400303104] C:pagefile.sys
[02/09/2013 – 17:55:08 | N | 512] C:PhysicalDisk0_MBR.bin
[19/09/2013 – 00:45:40 | D ] C:Program Files
[13/09/2013 – 23:56:10 | D ] C:Program Files (x86)
[01/09/2013 – 12:54:22 | HD ] C:ProgramData
[01/09/2013 – 16:27:10 | D ] C:Sounds
[09/10/2013 – 23:43:26 | SHD ] C:System Volume Information
[16/05/2013 – 09:44:46 | D ] C:temp
[28/06/2012 – 11:12:04 | D ] C:Toshiba
[10/10/2013 – 15:43:48 | D ] C:UsbFix
[26/08/2013 – 22:33:21 | N | 12060] C:UsbFix [Clean 3] USER-TOSH.txt
[10/10/2013 – 12:16:21 | N | 11104] C:UsbFix [Clean 6] USER-TOSH.txt
[10/10/2013 – 13:06:13 | N | 9957] C:UsbFix [Clean 7] USER-TOSH.txt
[10/10/2013 – 15:44:52 | A | 5892] C:UsbFix [Clean 8] USER-TOSH.txt
[26/08/2013 – 22:35:03 | N | 2944] C:UsbFix [Listing 1 ] USER-TOSH.txt
[05/09/2013 – 00:42:38 | N | 4534] C:UsbFix [Listing 2 ] USER-TOSH.txt
[25/08/2013 – 23:35:12 | N | 10964] C:UsbFix [Scan 1] USER-TOSH.txt
[26/08/2013 – 22:21:47 | N | 10191] C:UsbFix [Scan 2] USER-TOSH.txt
[28/08/2013 – 01:36:31 | N | 10853] C:UsbFix [Scan 5] USER-TOSH.txt
[30/08/2013 – 02:24:24 | N | 9829] C:UsbFix [Scan 6] USER-TOSH.txt
[10/10/2013 – 12:15:02 | N | 12783] C:UsbFix [Scan 7] USER-TOSH.txt
[10/10/2013 – 13:05:15 | N | 11427] C:UsbFix [Scan 8] USER-TOSH.txt
[19/05/2013 – 00:37:41 | D ] C:Users
[05/10/2013 – 20:57:29 | D ] C:Windows
[03/09/2013 – 00:51:52 | D ] C:ZHP
[19/09/2013 – 00:45:37 | D ] C:_OTL

################## | Vaccin |

C:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net” onclick=”window.open(this.href);return false; – https://www.sosvirus.net” onclick=”window.open(this.href);return false; |

ree , parce que l’autre membre ma dit que le flash n’est pas infecté et le problème viens du pc , a propos d’ecrant bleu il apparaît encore :/

re ,le volume c: est integre , merci