cjoint

Hi Eliot



Upper-level exercise no. 4

Link:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by SYSTEM on REATOGO on 14-01-2014 13:46:00
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(FinePrint Software, LLC) C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Kevin\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Kevin\Local Settings\Application Data\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems Incorporated) C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VBoxTray] - C:\WINDOWS\system32\VBoxTray.exe [1312016 2013-12-18] (Oracle Corporation)
HKU\Kevin\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2014-01-14] (Google Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-11] ()
HKU\Kevin\...\Run: [Google Update*] - [x]

========================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 VBoxService; C:\Windows\System32\VBoxService.exe [1503504 2013-12-18] (Oracle Corporation)
S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{e459fab5-9ce1-ec8b-07db-a39975a958ee}\ \ \???\{e459fab5-9ce1-ec8b-07db-a39975a958ee}\GoogleUpdate.exe"


==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [117008 2013-12-18] (Oracle Corporation)
S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [100112 2013-12-18] (Oracle Corporation)
S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [244496 2013-12-18] (Oracle Corporation)
S3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [117520 2013-12-18] (Oracle Corporation)
S1 WS2IFSL;

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 07:08 - 2014-01-14 07:08 - 00000000 ____D C:\Windows\CSC
2014-01-14 07:06 - 2014-01-14 07:11 - 00000004 _____ C:\Documents and Settings\Kevin\Application Data\skype.ini
2014-01-14 06:59 - 2014-01-14 06:59 - 00012328 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-14 06:13 - 2014-01-14 06:13 - 00000000 ____D C:\FRST
2014-01-14 06:12 - 2014-01-14 06:12 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Google
2014-01-14 06:59 - 2014-01-14 06:59 - 00012328 _____c:\users\Kevin\appdata\local\we4032.dll",Startup
2014-01-14 05:51 - 2008-04-14 07:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\system\SHELL.DLL
2014-01-14 05:51 - 2008-04-14 07:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system\TIMER.DRV
2014-01-14 05:51 - 2008-04-14 07:00 - 00003360 _____ (Microsoft Corporation) C:\Windows\system\SYSTEM.DRV
2014-01-14 05:51 - 2008-04-14 07:00 - 00003072 ____N C:\Windows\System32\CONFIG.TMP
2014-01-14 05:51 - 2008-04-14 07:00 - 00002176 _____ (Microsoft Corporation) C:\Windows\system\VGA.DRV
2014-01-14 05:51 - 2008-04-14 07:00 - 00002032 _____ (Microsoft Corporation) C:\Windows\system\MOUSE.DRV
2014-01-14 05:51 - 2008-04-14 07:00 - 00002000 _____ (Microsoft Corporation) C:\Windows\system\KEYBOARD.DRV
2014-01-14 05:51 - 2008-04-14 07:00 - 00001896 _____ C:\Windows\System32\AUTOEXEC.NT
2014-01-14 05:51 - 2008-04-14 07:00 - 00001744 _____ (Microsoft Corporation) C:\Windows\system\SOUND.DRV
2014-01-14 05:51 - 2008-04-14 07:00 - 00001152 _____ (Microsoft Corporation) C:\Windows\system\MMTASK.TSK
2014-01-14 05:51 - 2008-04-13 14:33 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\storprop.dll
2014-01-14 05:50 - 2014-01-14 06:44 - 00209267 _____ C:\Windows\setupapi.log
2014-01-14 05:50 - 2014-01-14 05:50 - 01093632 _____ C:\Windows\System32\config\software.sav
2014-01-14 05:50 - 2014-01-14 05:50 - 00409600 _____ C:\Windows\System32\config\system.sav
2014-01-14 05:50 - 2014-01-14 05:50 - 00262144 _____ C:\Windows\System32\config\userdiff
2014-01-14 05:50 - 2014-01-14 05:50 - 00094208 _____ C:\Windows\System32\config\default.sav
2014-01-14 05:50 - 2014-01-14 05:50 - 00001024 ____H C:\Windows\System32\config\userdiff.LOG
2014-01-14 05:50 - 2014-01-14 05:50 - 00001024 ____H C:\Windows\System32\config\TempKey.LOG
2014-01-14 05:50 - 2014-01-14 05:50 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 05:50 - 2014-01-14 05:03 - 00090296 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-14 05:50 - 2014-01-14 05:02 - 00170548 _____ C:\Windows\setupact.log
2014-01-14 05:50 - 2014-01-14 04:55 - 00000212 ___SH C:\boot.ini
2014-01-14 05:50 - 2008-04-14 07:00 - 01246130 ____R C:\Windows\SET3.tmp
2014-01-14 05:43 - 2014-01-14 05:51 - 00000000 ____D C:\Windows\system
2014-01-14 05:43 - 2014-01-14 05:50 - 00000000 ____D C:\Windows\L2Schemas
2014-01-14 05:43 - 2014-01-14 05:49 - 00000000 ____D C:\Windows\System32\usmt
2014-01-14 05:43 - 2014-01-14 05:49 - 00000000 ____D C:\Windows\System32\npp
2014-01-14 05:43 - 2014-01-14 05:49 - 00000000 ____D C:\Windows\System32\fr
2014-01-14 05:43 - 2014-01-14 05:49 - 00000000 ____D C:\Windows\PeerNet
2014-01-14 05:43 - 2014-01-14 05:49 - 00000000 ____D C:\Windows\msagent
2014-01-14 05:43 - 2014-01-14 05:49 - 00000000 ____D C:\Windows\Media
2014-01-14 05:43 - 2014-01-14 05:46 - 00000000 ____D C:\Windows\twain_32
2014-01-14 05:43 - 2014-01-14 05:46 - 00000000 ____D C:\Windows\System32\1036
2014-01-14 05:43 - 2014-01-14 05:45 - 00000000 ____D C:\Windows\System32\ras
2014-01-14 05:43 - 2014-01-14 05:45 - 00000000 ____D C:\Windows\System32\icsxml
2014-01-14 05:43 - 2014-01-14 05:44 - 00000000 ____D C:\Windows\System32\1033
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\wins
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\ShellExt
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\mui
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\inetsrv
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\IME
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\export
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\Drivers\disdn
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\dhcp
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\3com_dmi
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\3076
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\2052
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1054
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1042
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1041
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1037
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1031
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1028
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1025
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Resources
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Provisioning
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\mui
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\java
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Driver Cache
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Connection Wizard
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\addins
2014-01-14 05:43 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\System32\ias
2014-01-14 05:43 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\security
2014-01-14 05:43 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\repair
2014-01-14 05:43 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\ime
2014-01-14 05:43 - 2014-01-14 04:58 - 00000000 ___RD C:\Windows\Web
2014-01-14 05:43 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\pchealth
2014-01-14 05:43 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\Help
2014-01-14 05:43 - 2014-01-14 04:56 - 00000000 ____D C:\Windows\Cursors
2014-01-14 05:43 - 2014-01-14 04:55 - 00000000 ____D C:\Windows\System32\spool
2014-01-14 05:43 - 2014-01-14 04:55 - 00000000 ____D C:\Windows\System32\fr-fr
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 ____D C:\Program Files\fifa
2014-01-14 05:28 - 2014-01-14 05:28 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\TuneUp Software
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-14 05:24 - 2013-04-04 08:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-01-14 05:21 - 2014-01-14 05:21 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 05:20 - 2014-01-14 06:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-14 05:20 - 2014-01-14 05:20 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\MFAData
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\Program Files\Defraggler
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\programdata\BearShare
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\program files (x86)\BearShare Applications
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\programdata\{D398BDFF-BC85-4852-B26D-4CA820357DB2}
2014-01-14 05:18 - 2014-01-14 07:00 - 00000000 ____D C:\Program Files\Google
2014-01-14 05:18 - 2014-01-14 07:00 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Google
2014-01-14 05:18 - 2014-01-14 05:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Mozilla
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-14 05:12 - 2014-01-14 05:12 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2014-01-14 05:12 - 2014-01-14 05:12 - 00000000 ____D C:\program files (x86)\sgpsa\BHO.dll
2014-01-14 05:10 - 2014-01-14 05:10 - 00000000 ____D C:\Program Files\Oracle
2014-01-14 05:10 - 2013-12-18 10:33 - 01312016 _____ (Oracle Corporation) C:\Windows\System32\VBoxTray.exe
2014-01-14 05:10 - 2013-12-18 10:33 - 01080592 _____ (Oracle Corporation) C:\Windows\System32\VBoxControl.exe
2014-01-14 05:10 - 2013-12-18 10:32 - 00117520 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxVideo.sys
2014-01-14 05:10 - 2013-12-18 10:32 - 00117008 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxGuest.sys
2014-01-14 05:10 - 2013-12-18 10:32 - 00077072 _____ (Oracle Corporation) C:\Windows\System32\VBoxDisp.dll
2014-01-14 05:04 - 2014-01-14 07:09 - 00000184 ___SH C:\Documents and Settings\Kevin\ntuser.ini
2014-01-14 05:04 - 2014-01-14 07:03 - 00000000 ____D C:\Documents and Settings\Kevin\Bureau
2014-01-14 05:04 - 2014-01-14 05:51 - 00000000 ___RD C:\Documents and Settings\Kevin\Menu Démarrer
2014-01-14 05:04 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Kevin\Voisinage réseau
2014-01-14 05:04 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Kevin\Voisinage d'impression
2014-01-14 05:04 - 2014-01-14 05:04 - 00000000 ___SD C:\Documents and Settings\Kevin\Local Settings\Historique
2014-01-14 05:04 - 2014-01-14 05:04 - 00000000 ___RD C:\Documents and Settings\Kevin\Favoris
2014-01-14 05:04 - 2014-01-14 04:56 - 00000000 ___HD C:\Documents and Settings\Kevin\Modèles
2014-01-14 05:03 - 2014-01-14 06:59 - 00007454 _____ C:\Windows\SchedLgU.Txt
2014-01-14 05:03 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Historique
2014-01-14 05:03 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Historique
2014-01-14 05:03 - 2014-01-14 05:03 - 00008192 _____ C:\Windows\REGLOCS.OLD
2014-01-14 05:03 - 2014-01-14 05:03 - 00000020 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2014-01-14 05:03 - 2014-01-14 05:03 - 00000020 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2014-01-14 04:59 - 2014-01-14 04:59 - 00316640 _____ C:\Windows\WMSysPr9.prx
2014-01-14 04:59 - 2014-01-14 04:59 - 00023392 _____ C:\Windows\System32\nscompat.tlb
2014-01-14 04:59 - 2014-01-14 04:59 - 00016832 _____ C:\Windows\System32\amcompat.tlb
2014-01-14 04:59 - 2014-01-14 04:59 - 00003072 _____ C:\Windows\System32\CONFIG.NT
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 __RSH C:\MSDOS.SYS
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 __RSH C:\IO.SYS
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\System32\xircom
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Program Files\xerox
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Program Files\microsoft frontpage
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 _____ C:\Windows\control.ini
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 _____ C:\CONFIG.SYS
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 _____ C:\AUTOEXEC.BAT
2014-01-14 04:58 - 2014-01-14 07:10 - 00017393 _____ C:\Windows\WindowsUpdate.log
2014-01-14 04:58 - 2014-01-14 04:59 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\wuaucpl.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\sapi.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\nwc.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\ncpa.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\cdplayer.exe.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000488 ___RH C:\Windows\System32\WindowsLogon.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000488 ___RH C:\Windows\System32\logonui.exe.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ___RD C:\Windows\Offline Web Pages
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ___HD C:\Program Files\WindowsUpdate
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ____D C:\Program Files\Services en ligne
2014-01-14 04:57 - 2014-01-14 05:03 - 00000000 ____D C:\Windows\System32\Restore
2014-01-14 04:57 - 2014-01-14 04:57 - 00001022 _____ C:\Windows\sessmgr.setup.log
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\System32\Macromed
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\System32\DirectX
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\srchasst
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Outlook Express
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\NetMeeting
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Movie Maker
2014-01-14 04:57 - 2008-04-14 07:00 - 04399505 ____C C:\Windows\System32\dllcache\nls302en.lex
2014-01-14 04:57 - 2008-04-14 07:00 - 04399505 ____C C:\Windows\System32\dllcache\nls302en.lex
2014-01-14 04:57 - 2008-04-14 07:00 - 00000984 ____C C:\Windows\System32\dllcache\srframe.mmf
2014-01-14 04:57 - 2008-04-14 07:00 - 00000984 ____C C:\Windows\System32\dllcache\srframe.mmf
2014-01-14 04:56 - 2014-01-14 05:04 - 00000936 _____ C:\Windows\wmsetup.log
2014-01-14 04:56 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\Registration
2014-01-14 04:56 - 2014-01-14 04:56 - 00021892 _____ C:\Windows\System32\emptyregdb.dat
2014-01-14 04:56 - 2014-01-14 04:56 - 00000130 _____ C:\Windows\DtcInstall.log
2014-01-14 04:56 - 2014-01-14 04:56 - 00000037 _____ C:\Windows\vbaddin.ini
2014-01-14 04:56 - 2014-01-14 04:56 - 00000036 _____ C:\Windows\vb.ini
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Online Services
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Messenger
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\ComPlus Applications
2014-01-14 04:56 - 2008-04-14 07:00 - 00027768 _____ C:\Windows\System32\tslabels.ini
2014-01-14 04:56 - 2008-04-14 07:00 - 00026680 _____ C:\Windows\Rivière Sumida.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00026582 _____ C:\Windows\Granit vert.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00024006 _____ C:\Windows\System32\gb2312.uce
2014-01-14 04:56 - 2008-04-14 07:00 - 00022984 _____ C:\Windows\System32\bopomofo.uce
2014-01-14 04:56 - 2008-04-14 07:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\qwinsta.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\msg.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\tsshutdn.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\qappsrv.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00017362 _____ C:\Windows\Rhododendron.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00017336 _____ C:\Windows\Jour de pêche.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\Windows\Tasse à café.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\program files (x86)\sgpsa\mtwb3sh.dll
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\users\Kevin\appdata\local\we4032.dll",Startup
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\users\Kevin\appdata\local\houiphcfm\qhkdcacshdw.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\users\Kevin\appdata\local\microsoft\windows\temporary internet files\content.ie5\sadfc401\access[1].exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00016740 _____ C:\Windows\System32\shiftjis.uce
2014-01-14 04:56 - 2008-04-14 07:00 - 00016730 _____ C:\Windows\Plume.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00003914 _____ C:\Windows\System32\msdtcprf.ini
2014-01-14 04:56 - 2008-04-14 07:00 - 00003286 _____ C:\Windows\System32\tslabels.h
2014-01-14 04:56 - 2008-04-14 07:00 - 00001272 _____ C:\Windows\Rosace bleue 16.bmp
2014-01-14 04:56 - 2008-04-14 07:00 - 00001263 _____ C:\Windows\System32\usrlogon.cmd
2014-01-14 04:56 - 2008-04-14 07:00 - 00000768 _____ C:\Windows\System32\msdtcprf.h
2014-01-14 04:55 - 2014-01-14 04:56 - 00000000 ____D C:\Windows\System32\MsDtc
2014-01-14 04:55 - 2014-01-14 04:56 - 00000000 ____D C:\Windows\System32\Com
2014-01-14 04:55 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Windows NT
2014-01-14 04:55 - 2014-01-14 04:55 - 00000200 _____ C:\Windows\cmsetacl.log
2014-01-14 04:55 - 2014-01-14 04:55 - 00000000 ____D C:\Program Files\MSN
2014-01-14 04:55 - 2008-04-14 07:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\msdtc.exe
2014-01-14 04:55 - 2008-04-14 07:00 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\dcomcnfg.exe
2014-01-14 04:55 - 2008-04-14 07:00 - 00004096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mtxex.dll
2014-01-14 04:55 - 2008-04-14 07:00 - 00004096 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mtxex.dll
2014-01-14 04:55 - 2008-04-14 07:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\mtxex.dll
2014-01-14 04:55 - 2008-04-13 13:34 - 00040840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys
2014-01-14 04:55 - 2008-04-13 05:32 - 00196224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys
2013-12-18 10:34 - 2013-12-18 10:34 - 01469712 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLpackspu.dll
2013-12-18 10:34 - 2013-12-18 10:34 - 01360656 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGL.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 01503504 _____ (Oracle Corporation) C:\Windows\System32\VBoxService.exe
2013-12-18 10:33 - 2013-12-18 10:33 - 01259280 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLcrutil.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 01040144 _____ (Oracle Corporation) C:\Windows\System32\VBoxMRXNP.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00845584 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLfeedbackspu.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00550672 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLarrayspu.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00126224 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLerrorspu.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00086800 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLpassthroughspu.dll
2013-12-18 10:32 - 2013-12-18 10:32 - 00244496 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxSF.sys
2013-12-18 10:32 - 2013-12-18 10:32 - 00100112 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxMouse.sys
2013-12-18 10:32 - 2013-12-18 10:32 - 00052496 _____ (Oracle Corporation) C:\Windows\System32\VBoxHook.dll

==================== One Month Modified Files and Folders =======

2014-01-14 07:11 - 2014-01-14 07:06 - 00000004 _____ C:\Documents and Settings\Kevin\Application Data\skype.ini
2014-01-14 07:10 - 2014-01-14 04:58 - 00017393 _____ C:\Windows\WindowsUpdate.log
2014-01-14 07:09 - 2014-01-14 05:04 - 00000184 ___SH C:\Documents and Settings\Kevin\ntuser.ini
2014-01-14 07:08 - 2014-01-14 07:08 - 00000000 ____D C:\Windows\CSC
2014-01-14 07:03 - 2014-01-14 05:04 - 00000000 ____D C:\Documents and Settings\Kevin\Bureau
2014-01-14 07:00 - 2014-01-14 05:18 - 00000000 ____D C:\Program Files\Google
2014-01-14 07:00 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Google
2014-01-14 06:59 - 2014-01-14 06:59 - 00012328 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-14 06:59 - 2014-01-14 05:03 - 00007454 _____ C:\Windows\SchedLgU.Txt
2014-01-14 06:58 - 2014-01-14 05:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-14 06:44 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2014-01-14 06:44 - 2014-01-14 05:50 - 00209267 _____ C:\Windows\setupapi.log
2014-01-14 06:44 - 2014-01-14 05:51 - 00000000 ____C C:\WINDOWS\Tasks\Pricora-codedownloader.job
2014-01-14 06:44 - 2014-01-14 05:51 - 00000000 ____C C:\WINDOWS\Tasks\Pricora-chromeinstaller.job
2014-01-14 06:44 - 2014-01-14 05:51 - 00000000 ____C C:\WINDOWS\Tasks\Pricora-firefoxinstaller.job
2014-01-14 06:13 - 2014-01-14 06:13 - 00000000 ____D C:\FRST
2014-01-14 06:12 - 2014-01-14 06:12 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Google
2014-01-14 05:53 - 2014-01-14 05:53 - 00004444 _____ C:\Windows\System32\pid.PNF
2014-01-14 05:52 - 2014-01-14 05:52 - 00000393 _____ C:\Windows\wiadebug.log
2014-01-14 05:52 - 2014-01-14 05:52 - 00000050 _____ C:\Windows\wiaservc.log
2014-01-14 05:52 - 2014-01-14 05:52 - 00000000 _____ C:\Windows\Sti_Trace.log
2014-01-14 05:51 - 2014-01-14 05:51 - 00001470 _____ C:\Windows\regopt.log
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___SD C:\Documents and Settings\Default User\Local Settings\Historique
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Démarrer
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Voisinage réseau
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Voisinage d'impression
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\All Users\Modèles
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\Default User\Favoris
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\Default User\Bureau
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\All Users\Favoris
2014-01-14 05:51 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\system
2014-01-14 05:51 - 2014-01-14 05:04 - 00000000 ___RD C:\Documents and Settings\Kevin\Menu Démarrer
2014-01-14 05:51 - 2014-01-14 05:04 - 00000000 ___HD C:\Documents and Settings\Kevin\Voisinage réseau
2014-01-14 05:51 - 2014-01-14 05:04 - 00000000 ___HD C:\Documents and Settings\Kevin\Voisinage d'impression
2014-01-14 05:51 - 2014-01-14 05:03 - 00000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Historique
2014-01-14 05:51 - 2014-01-14 05:03 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Historique
2014-01-14 05:51 - 2008-04-14 07:00 - 00000231 _____ C:\Windows\system.ini
2014-01-14 05:50 - 2014-01-14 05:50 - 01093632 _____ C:\Windows\System32\config\software.sav
2014-01-14 05:50 - 2014-01-14 05:50 - 00409600 _____ C:\Windows\System32\config\system.sav
2014-01-14 05:50 - 2014-01-14 05:50 - 00262144 _____ C:\Windows\System32\config\userdiff
2014-01-14 05:50 - 2014-01-14 05:50 - 00094208 _____ C:\Windows\System32\config\default.sav
2014-01-14 05:50 - 2014-01-14 05:50 - 00001024 ____H C:\Windows\System32\config\userdiff.LOG
2014-01-14 05:50 - 2014-01-14 05:50 - 00001024 ____H C:\Windows\System32\config\TempKey.LOG
2014-01-14 04:56 - 2008-04-14 07:00 - 00010240 _____ C:\program files (x86)\antivirus 2009
2014-01-14 04:56 - 2008-04-14 07:00 - 00010240 _____ C:\program files (x86)\antivirus 2009\av2009.exe
2014-01-14 05:50 - 2014-01-14 05:50 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 05:50 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\L2Schemas
2014-01-14 05:49 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\usmt
2014-01-14 05:49 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\npp
2014-01-14 05:49 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\fr
2014-01-14 05:49 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\PeerNet
2014-01-14 05:49 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\msagent
2014-01-14 05:49 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Media
2014-01-14 05:46 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\twain_32
2014-01-14 05:46 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1036
2014-01-14 05:45 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\ras
2014-01-14 05:45 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\icsxml
2014-01-14 05:44 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1033
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\wins
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\ShellExt
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\mui
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\inetsrv
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\IME
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\export
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\Drivers\disdn
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\dhcp
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\3com_dmi
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\3076
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\2052
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1054
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1042
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1041
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1037
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1031
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1028
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\1025
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Resources
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Provisioning
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\mui
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\java
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Driver Cache
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Connection Wizard
2014-01-14 05:43 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\addins
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 ____D C:\Program Files\fifa
2014-01-14 05:28 - 2014-01-14 05:28 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\TuneUp Software
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-14 05:21 - 2014-01-14 05:21 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 05:20 - 2014-01-14 05:20 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\MFAData
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\Program Files\Defraggler
2014-01-14 05:19 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Mozilla
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\users\Kevin\appdata\roaming\2B2CF94012581557DBFF5E801EB42A26
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-14 05:12 - 2014-01-14 05:12 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2014-01-14 05:10 - 2014-01-14 05:10 - 00000000 ____D C:\Program Files\Oracle
2014-01-14 05:05 - 2014-01-14 05:51 - 00775210 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-14 05:04 - 2014-01-14 05:04 - 00000000 ___SD C:\Documents and Settings\Kevin\Local Settings\Historique
2014-01-14 05:04 - 2014-01-14 05:04 - 00000000 ___RD C:\Documents and Settings\Kevin\Favoris
2014-01-14 05:04 - 2014-01-14 04:56 - 00000936 _____ C:\Windows\wmsetup.log
2014-01-14 05:04 - 2008-04-14 07:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2014-01-14 05:03 - 2014-01-14 05:50 - 00090296 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-14 05:03 - 2014-01-14 05:03 - 00008192 _____ C:\Windows\REGLOCS.OLD
2014-01-14 05:03 - 2014-01-14 05:03 - 00000020 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2014-01-14 05:03 - 2014-01-14 05:03 - 00000020 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2014-01-14 05:03 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\System32\Restore
2014-01-14 05:02 - 2014-01-14 05:51 - 00049064 _____ C:\Windows\iis6.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00016202 _____ C:\Windows\comsetup.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00010818 _____ C:\Windows\tsoc.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00008071 _____ C:\Windows\ntdtcsetup.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00004382 _____ C:\Windows\imsins.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00001252 _____ C:\Windows\tabletoc.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00000885 _____ C:\Windows\ocmsn.log
2014-01-14 05:02 - 2014-01-14 05:51 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer
2014-01-14 05:02 - 2014-01-14 05:50 - 00170548 _____ C:\Windows\setupact.log
2014-01-14 04:59 - 2014-01-14 05:51 - 00004205 _____ C:\Windows\ODBCINST.INI
2014-01-14 04:59 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\ias
2014-01-14 04:59 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\security
2014-01-14 04:59 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\repair
2014-01-14 04:59 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\ime
2014-01-14 04:59 - 2014-01-14 04:59 - 00316640 _____ C:\Windows\WMSysPr9.prx
2014-01-14 04:59 - 2014-01-14 04:59 - 00023392 _____ C:\Windows\System32\nscompat.tlb
2014-01-14 04:59 - 2014-01-14 04:59 - 00016832 _____ C:\Windows\System32\amcompat.tlb
2014-01-14 04:59 - 2014-01-14 04:59 - 00003072 _____ C:\Windows\System32\CONFIG.NT
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 __RSH C:\MSDOS.SYS
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 __RSH C:\IO.SYS
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Windows\System32\xircom
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Program Files\xerox
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Program Files\microsoft frontpage
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 _____ C:\Windows\control.ini
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 _____ C:\CONFIG.SYS
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 _____ C:\AUTOEXEC.BAT
2014-01-14 04:59 - 2014-01-14 04:58 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2014-01-14 04:59 - 2014-01-14 04:56 - 00000000 ____D C:\Windows\Registration
2014-01-14 04:59 - 2008-04-14 07:00 - 00000477 _____ C:\Windows\win.ini
2014-01-14 04:58 - 2014-01-14 05:43 - 00000000 ___RD C:\Windows\Web
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\wuaucpl.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\sapi.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\nwc.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\ncpa.cpl.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000749 ___RH C:\Windows\System32\cdplayer.exe.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000488 ___RH C:\Windows\System32\WindowsLogon.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000488 ___RH C:\Windows\System32\logonui.exe.manifest
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ___RD C:\Windows\Offline Web Pages
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ___HD C:\Program Files\WindowsUpdate
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ____D C:\Program Files\Services en ligne
2014-01-14 04:57 - 2014-01-14 05:51 - 00014772 _____ C:\Windows\ocgen.log
2014-01-14 04:57 - 2014-01-14 05:51 - 00011537 _____ C:\Windows\FaxSetup.log
2014-01-14 04:57 - 2014-01-14 05:51 - 00002790 _____ C:\Windows\netfxocm.log
2014-01-14 04:57 - 2014-01-14 05:51 - 00001487 _____ C:\Windows\MedCtrOC.log
2014-01-14 04:57 - 2014-01-14 05:51 - 00000871 _____ C:\Windows\msgsocm.log
2014-01-14 04:57 - 2014-01-14 05:51 - 00000000 ____D C:\Program Files\Fichiers communs
2014-01-14 04:57 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\pchealth
2014-01-14 04:57 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Help
2014-01-14 04:57 - 2014-01-14 04:57 - 00001022 _____ C:\Windows\sessmgr.setup.log
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\System32\Macromed
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\System32\DirectX
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Windows\srchasst
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Outlook Express
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\NetMeeting
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Movie Maker
2014-01-14 04:56 - 2014-01-14 05:51 - 00010222 _____ C:\Windows\msmqinst.log
2014-01-14 04:56 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Modèles
2014-01-14 04:56 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Cursors
2014-01-14 04:56 - 2014-01-14 05:04 - 00000000 ___HD C:\Documents and Settings\Kevin\Modèles
2014-01-14 04:56 - 2014-01-14 04:56 - 00021892 _____ C:\Windows\System32\emptyregdb.dat
2014-01-14 04:56 - 2014-01-14 04:56 - 00000130 _____ C:\Windows\DtcInstall.log
2014-01-14 04:56 - 2014-01-14 04:56 - 00000037 _____ C:\Windows\vbaddin.ini
2014-01-14 04:56 - 2014-01-14 04:56 - 00000036 _____ C:\Windows\vb.ini
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Online Services
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Messenger
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\ComPlus Applications
2014-01-14 04:56 - 2014-01-14 04:55 - 00000000 ____D C:\Windows\System32\MsDtc
2014-01-14 04:56 - 2014-01-14 04:55 - 00000000 ____D C:\Windows\System32\Com
2014-01-14 04:56 - 2014-01-14 04:55 - 00000000 ____D C:\Program Files\Windows NT
2014-01-14 04:55 - 2014-01-14 05:50 - 00000212 ___SH C:\boot.ini
2014-01-14 04:55 - 2014-01-14 05:43 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Mobogenie
2014-01-14 04:55 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\spool
2014-01-14 04:55 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\System32\fr-fr
2014-01-14 04:55 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\Installer\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}\icon.ico
2014-01-14 04:55 - 2014-01-14 04:55 - 00000200 _____ C:\Windows\cmsetacl.log
2014-01-14 04:55 - 2014-01-14 04:55 - 00000000 ____D C:\Program Files\MSN
2013-12-18 10:34 - 2013-12-18 10:34 - 01469712 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLpackspu.dll
2013-12-18 10:34 - 2013-12-18 10:34 - 01360656 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGL.dll
2013-12-18 10:33 - 2014-01-14 05:10 - 01312016 _____ (Oracle Corporation) C:\Windows\System32\VBoxTray.exe
2013-12-18 10:33 - 2014-01-14 05:10 - 01080592 _____ (Oracle Corporation) C:\Windows\System32\VBoxControl.exe
2013-12-18 10:33 - 2013-12-18 10:33 - 01503504 _____ (Oracle Corporation) C:\Windows\System32\VBoxService.exe
2013-12-18 10:33 - 2013-12-18 10:33 - 01259280 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLcrutil.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 01040144 _____ (Oracle Corporation) C:\Windows\System32\VBoxMRXNP.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00845584 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLfeedbackspu.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00550672 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLarrayspu.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00126224 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLerrorspu.dll
2013-12-18 10:33 - 2013-12-18 10:33 - 00086800 _____ (Oracle Corporation) C:\Windows\System32\VBoxOGLpassthroughspu.dll
2013-12-18 10:32 - 2014-01-14 05:10 - 00117520 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxVideo.sys
2013-12-18 10:32 - 2014-01-14 05:10 - 00117008 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxGuest.sys
2013-12-18 10:32 - 2014-01-14 05:10 - 00077072 _____ (Oracle Corporation) C:\Windows\System32\VBoxDisp.dll
2013-12-18 10:32 - 2013-12-18 10:32 - 00244496 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxSF.sys
2013-12-18 10:32 - 2013-12-18 10:32 - 00100112 _____ (Oracle Corporation) C:\Windows\System32\Drivers\VBoxMouse.sys
2013-12-18 10:32 - 2013-12-18 10:32 - 00052496 _____ (Oracle Corporation) C:\Windows\System32\VBoxHook.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2008-04-14 07:00] - [2008-04-14 07:00] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2008-04-14 07:00] - [2008-04-14 07:00] - 0109056 ____A (Microsoft Corporation) 54cb50058851d95e56ec70d09f70857f

C:\Windows\System32\User32.dll
[2008-04-14 07:00] - [2008-04-14 07:00] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2008-04-14 07:00] - [2008-04-14 07:00] - 0399360 ____A (Microsoft Corporation) 3d65eb82e1fa6db15a33e024c9e03cab

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2014-01-14 06:45 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP5

RP: -> 2014-01-14 06:43 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP4

RP: -> 2014-01-14 05:25 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP3

RP: -> 2014-01-14 05:24 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP2

RP: -> 2014-01-14 05:05 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP1


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 851.48 MB
Available physical RAM: 668 MB
Total Pagefile: 770.97 MB
Available Pagefile: 669.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.08 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:9.99 GB) (Free:6.2 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 10 GB) (Disk ID: 96A696A6)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================

[/spoiler]

Advanced exercise no. 5

Link

[spoiler]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by SYSTEM on REATOGO on 14-01-2014 13:46:00
Running from B:\Documents and Settings\Default User\Desktop
Microsoft Windows XP (X86) OS Language: Français (France)
Internet Explorer Version 6
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(FinePrint Software, LLC) C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Kevin\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Kevin\Local Settings\Application Data\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems Incorporated) C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VBoxTray] - C:\WINDOWS\system32\VBoxTray.exe [1312016 2013-12-18] (Oracle Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2014-01-14] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Kevin\Application Data\skype.dat [ 2008-04-14] ()
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe [761024 2013-12-11] ()

========================== Services (Whitelisted) =================

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 VBoxService; C:\Windows\System32\VBoxService.exe [1503504 2013-12-18] (Oracle Corporation)
S2 Antivirus2009 service; C:\program files\antivirus 2009\av2009.exe [10240 2014-01-14] (Antivirus 2009)


==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [117008 2013-12-18] (Oracle Corporation)
S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [100112 2013-12-18] (Oracle Corporation)
S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [244496 2013-12-18] (Oracle Corporation)
S3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [117520 2014-01-14] (Oracle Corporation)
S1 WS2IFSL;

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 07:08 - 2014-01-14 07:08 - 00000000 ____D C:\Windows\CSC
2014-01-14 07:06 - 2014-01-14 07:11 - 00000004 _____ C:\Documents and Settings\Kevin\Application Data\skype.ini
2014-01-14 06:59 - 2014-01-14 06:59 - 00012328 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-14 06:13 - 2014-01-14 06:13 - 00000000 ____D C:\FRST
2014-01-14 06:12 - 2014-01-14 06:12 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Google
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___SD C:\Documents and Settings\Default User\Local Settings\Historique
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Démarrer
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Voisinage réseau
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Voisinage d'impression
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\All Users\Modèles
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\Default User\Favoris
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\Default User\Bureau
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\All Users\Favoris
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 ____D C:\Program Files\fifa
2014-01-14 05:28 - 2014-01-14 05:28 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\TuneUp Software
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-14 05:24 - 2013-04-04 08:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-01-14 05:21 - 2014-01-14 05:21 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 05:20 - 2014-01-14 06:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-14 05:20 - 2014-01-14 05:20 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\MFAData
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\Program Files\Defraggler
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\programdata\{D398BDFF-BC85-4852-B26D-4CA820357DB2}
2014-01-14 05:18 - 2014-01-14 07:00 - 00000000 ____D C:\Program Files\Google
2014-01-14 05:18 - 2014-01-14 07:00 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Google
2014-01-14 05:18 - 2014-01-14 05:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Mozilla
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-14 05:12 - 2014-01-14 05:12 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2014-01-14 05:10 - 2014-01-14 05:10 - 00000000 ____D C:\Program Files\Oracle
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\\Conduit
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\PackageAware
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\BabylonToolbar
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Conduit
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\PriceGong
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\OpenCandy
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Outlook Express
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\NetMeeting
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Movie Maker
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\optimizer pro
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Online Services
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Nosibay
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\PC Speed Maximizer
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\sweetpacks bundle uninstaller
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\avhahngah_vjaebjkvgh
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Messenger
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\ComPlus Applications
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\OfferBox
2014-01-14 04:56 - 2008-04-14 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
2014-01-14 04:56 - 2008-04-14 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\we4032.dll",Startup
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\houiphcfm\qhkdcacshdw.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\microsoft\windows\temporary internet files\content.ie5\sadfc401\access[1].exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00000000 ____D C:\program files\antivirus 2009
2014-01-14 04:56 - 2008-04-14 07:00 - 00010240 _____ C:\program files\antivirus 2009\av2009.exe


==================== One Month Modified Files and Folders =======

2014-01-14 07:06 - 2014-01-14 07:11 - 00000004 _____ C:\Documents and Settings\Kevin\Application Data\skype.ini
2014-01-14 07:10 - 2014-01-14 04:58 - 00017393 _____ C:\Windows\WindowsUpdate.log
2014-01-14 07:09 - 2014-01-14 05:04 - 00000184 ___SH C:\Documents and Settings\Kevin\ntuser.ini
2014-01-14 07:08 - 2014-01-14 07:08 - 00000000 ____D C:\Windows\CSC
2014-01-14 07:03 - 2014-01-14 05:04 - 00000000 ____D C:\Documents and Settings\Kevin\Bureau
2014-01-14 07:00 - 2014-01-14 05:18 - 00000000 ____D C:\Program Files\Google
2014-01-14 07:00 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Google
2014-01-14 06:59 - 2014-01-14 06:59 - 00012328 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-14 06:59 - 2014-01-14 05:03 - 00007454 _____ C:\Windows\SchedLgU.Txt
2014-01-14 06:58 - 2014-01-14 05:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-14 06:44 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2014-01-14 06:44 - 2014-01-14 05:50 - 00209267 _____ C:\Windows\setupapi.log
2014-01-14 06:13 - 2014-01-14 06:13 - 00000000 ____D C:\FRST
2014-01-14 06:12 - 2014-01-14 06:12 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Google
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___SD C:\Documents and Settings\Default User\Local Settings\Historique
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___RD C:\Documents and Settings\Default User\Menu Démarrer
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Voisinage réseau
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Voisinage d'impression
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\All Users\Modèles
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\Default User\Favoris
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\Default User\Bureau
2014-01-14 05:51 - 2014-01-14 05:51 - 00000000 ____D C:\Documents and Settings\All Users\Favoris
2014-01-14 05:51 - 2014-01-14 05:43 - 00000000 ____D C:\Windows\system
2014-01-14 05:51 - 2014-01-14 05:04 - 00000000 ___RD C:\Documents and Settings\Kevin\Menu Démarrer
2014-01-14 05:51 - 2014-01-14 05:04 - 00000000 ___HD C:\Documents and Settings\Kevin\Voisinage réseau
2014-01-14 05:51 - 2014-01-14 05:04 - 00000000 ___HD C:\Documents and Settings\Kevin\Voisinage d'impression
2014-01-14 05:51 - 2014-01-14 05:03 - 00000000 ___HD C:\Documents and Settings\NetworkService\Local Settings\Historique
2014-01-14 05:51 - 2014-01-14 05:03 - 00000000 ___HD C:\Documents and Settings\LocalService\Local Settings\Historique
2014-01-14 05:36 - 2014-01-14 05:36 - 00000000 ____D C:\Program Files\fifa
2014-01-14 05:28 - 2014-01-14 05:28 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\TuneUp Software
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Malwarebytes
2014-01-14 05:24 - 2014-01-14 05:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-14 05:21 - 2014-01-14 05:21 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 05:20 - 2014-01-14 05:20 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\MFAData
2014-01-14 05:19 - 2014-01-14 05:19 - 00000000 ____D C:\Program Files\Defraggler
2014-01-14 05:19 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Local Settings\Application Data\Mozilla
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\Mozilla
2014-01-14 05:18 - 2014-01-14 05:18 - 00000000 ____D C:\Documents and Settings\Kevin\Application Data\2B2CF94012581557DBFF5E801EB42A26
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2014-01-14 05:12 - 2014-01-14 05:12 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2014-01-14 05:10 - 2014-01-14 05:10 - 00000000 ____D C:\Program Files\Oracle
2014-01-14 05:05 - 2014-01-14 05:51 - 00775210 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-14 05:04 - 2014-01-14 05:04 - 00000000 ___SD C:\Documents and Settings\Kevin\Local Settings\Historique
2014-01-14 05:04 - 2014-01-14 05:04 - 00000000 ___RD C:\Documents and Settings\Kevin\Favoris
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Program Files\xerox
2014-01-14 04:59 - 2014-01-14 04:59 - 00000000 ____D C:\Program Files\microsoft frontpage
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ___HD C:\Program Files\WindowsUpdate
2014-01-14 04:58 - 2014-01-14 04:58 - 00000000 ____D C:\Program Files\Services en ligne
2014-01-14 04:57 - 2014-01-14 05:51 - 00000000 ____D C:\Program Files\Fichiers communs
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Outlook Express
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\NetMeeting
2014-01-14 04:57 - 2014-01-14 04:57 - 00000000 ____D C:\Program Files\Movie Maker
2014-01-14 04:56 - 2014-01-14 05:51 - 00000000 ___HD C:\Documents and Settings\Default User\Modèles
2014-01-14 04:56 - 2014-01-14 05:04 - 00000000 ___HD C:\Documents and Settings\Kevin\Modèles
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Online Services
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\MSN Gaming Zone
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\Messenger
2014-01-14 04:56 - 2014-01-14 04:56 - 00000000 ____D C:\Program Files\ComPlus Applications
2014-01-14 04:56 - 2014-01-14 04:55 - 00000000 ____D C:\Program Files\Windows NT
2014-01-14 04:55 - 2014-01-14 05:50 - 00000212 ___SH C:\boot.ini
2014-01-14 04:55 - 2014-01-14 04:55 - 00000200 _____ C:\Windows\cmsetacl.log
2014-01-14 04:55 - 2014-01-14 04:55 - 00000000 ____D C:\Program Files\MSN


Files to move or delete:
====================
C:\Documents and Settings\Kevin\Application Data\skype.dat
C:\Documents and Settings\Kevin\Application Data\skype.ini


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2008-04-14 07:00] - [2008-04-14 07:00] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2008-04-14 07:00] - [2008-04-14 07:00] - 0109056 ____A (Microsoft Corporation) 54cb50058851d95e56ec70d09f70857f

C:\Windows\System32\User32.dll
[2008-04-14 07:00] - [2008-04-14 07:00] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2008-04-14 07:00] - [2008-04-14 07:00] - 0399360 ____A (Microsoft Corporation) 3d65eb82e1fa6db15a33e024c9e03cab

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2014-01-14 06:45 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP5

RP: -> 2014-01-14 06:43 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP4

RP: -> 2014-01-14 05:25 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP3

RP: -> 2014-01-14 05:24 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP2

RP: -> 2014-01-14 05:05 - 024576 _restore{EF9553F2-3D3A-4E1C-ADF4-E765421D15CA}\RP1


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 851.48 MB
Available physical RAM: 668 MB
Total Pagefile: 770.97 MB
Available Pagefile: 669.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.08 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:9.99 GB) (Free:6.2 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 10 GB) (Disk ID: 96A696A6)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
[/spoiler]
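
One way to triage the sections of a log like the one above mechanically, as an added example that is not part of this file and not FRST's own logic. The rules are assumptions of the example: an executable dropped under a user-writable profile location (Application Data, Local Settings, Temporary Internet Files, Temp), a file outside C:\Windows whose modification stamp equals the 2008-04-14 07:00 stamp the log's own system binaries carry (winlogon.exe and services.exe in the Bamital & volsnap check), a Program Files executable for which FRST printed no publisher, and a driver line carrying a raw MD5 instead of "MD5 is legit". The sample log inside the block is constructed, modelled on the exercise 4 log above. Caveat: a printed MD5 is not a verdict, FRST prints the hash when the file is absent from its known-good list, so each such hash still needs a manual lookup, and the other rules are heuristics that point a helper at entries to read, not a classification.

```python
import re
from datetime import datetime

# Constructed sample modelled on the exercise 4 log above (abridged, with the
# same line formats); it is not the page's log itself.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

2014-01-14 05:24 - 2013-04-04 08:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-01-14 05:17 - 2014-01-14 05:17 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\houiphcfm\qhkdcacshdw.exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00017062 _____ C:\Documents and Settings\Kevin\Local Settings\Application Data\microsoft\windows\temporary internet files\content.ie5\sadfc401\access[1].exe
2014-01-14 04:56 - 2008-04-14 07:00 - 00010240 _____ C:\program files\antivirus 2009\av2009.exe

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys 93EA8D04EC73A85DB02EB8805988F733
"""

# Assumption: the stamp the OS binaries in this log carry (winlogon.exe and
# services.exe in the Bamital & volsnap check are dated 2008-04-14 07:00).
# A dropped file copying that stamp is trying to blend in with system files.
OS_FILE_STAMP = datetime(2008, 4, 14, 7, 0)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Profile locations a normal installer does not drop executables into.
USER_WRITABLE = ("\\application data\\", "\\local settings\\",
                 "\\temporary internet files\\", "\\temp\\")

# FRST file entry: created - modified - size attrs [(publisher)] path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$")
# FRST driver line: either "==> MD5 is legit" or the raw MD5 it could not match
DRIVER_RE = re.compile(r"^(.+\.sys) (?:(==> MD5 is legit)|([0-9A-Fa-f]{32}))$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")


def parse_entry(line):
    """Parse one 'One Month Created/Modified' line into a dict, or None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, publisher, path = m.groups()
    return {
        "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
        "size": int(size),
        "is_dir": "D" in attrs,
        "publisher": publisher,   # None when FRST printed no (Company) field
        "path": path,
    }


def triage_entry(entry):
    """Return the reasons a file entry deserves a second look (empty = none)."""
    reasons = []
    low = entry["path"].lower()
    if entry["is_dir"] or not low.endswith(EXEC_EXT):
        return reasons
    if any(loc in low for loc in USER_WRITABLE):
        reasons.append("executable in user-writable profile location")
    if entry["modified"] == OS_FILE_STAMP and not low.startswith("c:\\windows\\"):
        reasons.append("mtime equals OS file stamp outside C:\\Windows (possible timestomp)")
    if entry["publisher"] is None and low.startswith("c:\\program files\\"):
        reasons.append("no publisher shown for Program Files executable")
    return reasons


def triage_driver(line):
    """Return (path, md5_or_None); None means FRST matched it as legit."""
    m = DRIVER_RE.match(line)
    if not m:
        return None
    path, legit, md5 = m.groups()
    return (path, None if legit else md5.upper())


def triage_log(text):
    """Walk an FRST log and collect (path, reason) findings from the sections it knows."""
    findings = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        if section and section.startswith("One Month"):
            entry = parse_entry(line)
            if entry:
                findings.extend((entry["path"], r) for r in triage_entry(entry))
        elif section == "Drivers MD5":
            drv = triage_driver(line)
            if drv and drv[1] is not None:
                # Not a verdict: FRST prints the hash when the file is absent
                # from its known-good list, so the hash needs a manual lookup.
                findings.append((drv[0], "MD5 %s not in FRST known-good list" % drv[1]))
    return findings


if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print("%-70s %s" % (reason, path))
```

Run against the constructed sample it reports the two profile-dropped executables twice each (location and stamp), av2009.exe twice (stamp and missing publisher) and tcpip.sys once, and nothing for mbam.sys or the Firefox directory. The same regexes apply unchanged to the "One Month Modified Files and Folders" section, which FRST formats identically.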

Advanced exercise no. 10

Link 1

[spoiler]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by User on 11-05-2015 07:29:16
Running from c:\Users\User\Desktop
Platform: Windows 7 Home Premium (X86) OS Language: Français (France)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(MSI) C:\Program Files\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files\MSI\Command Center\DDR\MSIDDRService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sapphire Technology Limited) D:\Sapphire TRIXX\TRIXX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Krzysztof Kowalczyk) D:\SumatraPDF\SumatraPDF.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [6zvcaxR5ls4KB9Y] => C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\...\Winlogon: [Shell] C:\Users\User\AppData\Roaming\watermark.exe [x ] () <=== ATTENTION
HKLM\...\Policies\System:[ConsentPromptBehaviorAdmin] 0
HKLM\...\Policies\System:[ConsentPromptBehaviorUser] 3
HKLM\...\Policies\System:[EnableLUA] 0
HKLM\...\Policies\System:[tlebaywjrblbchbkdogdTaskMgr] 0
HKLM\...\Policies\System:[EnableUIADesktopToggle] 0
HKLM\...\Policies\System:[PromptOnSecureDesktop] 0
HKLM\...\Policies\explorer:[NoActiveDesktop] 1
HKLM\...\Policies\explorer:[BindDirectlyToPropertySetStorage] 0
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [BAE] rundll32.exe C:\Users\User\AppData\Local\bae\dvcqvouu.dll,FECoreInstance
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [Adobe] rundll32.exe c:\Users\User\AppData\Local\apple\adobe\dfuut.dll,CreateInstance
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [XgbBpofj] C:\Users\User\AppData\Local\pajofoys\xgbbpofj.exe
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [Sapaelhy] => C:\Users\User\AppData\Roaming\Ilpez\miqy.exe [188023 2015-05-08] (Oracle Corporation)
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [djlertbb.exe] => C:\Users\User\AppData\Roaming\Identities\djlertbb.exe [285184 2009-07-14] (Music)
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Run: [6zvcaxR5ls4KB9Y] => C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] ()
HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Winlogon: [Shell] C:\Users\User\AppData\Roaming\watermark.exe [409600 2015-05-10] () <==== ATTENTION
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZHPDIAG.lnk [2015-05-10]
ShortcutTarget: ZHPDIAG.lnk -> C:\Program Files\ZHPDiag\ZHPDIAG.exe ()

==================== Internet (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-418592747-3305732625-987032889-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/fr-fr/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2C4A67A2-3B3B-426C-907B-99CD2E7DAB3D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{816A58B3-EF71-429F-8D66-92ACEDE5C477}: [DhcpNameServer] 192.168.171.2
Tcpip\..\Interfaces\{CC1C115D-392D-4742-B026-707A9E99D0FE}: [DhcpNameServer] 192.168.148.1

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 419ea4b7; c:\Program Files\SegmentAssister\SegmentAssister.dll [1628160 2015-05-10] ()
S2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-03-29] ()
S2 amsint32;c:\program files\microsoft\desktoplayer.exe ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 vmvss; C:\Windows\system32\dllhost.exe /Processid:{6F243D4E-40A4-48EF-B1AD-A18F163EDF0E}
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 PNPMEM; C:\Windows\System32\DRIVERS\pnpmem.sys [13312 2009-07-14] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\User~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\System32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys 2101A86C25C154F8314B24EF49D7FBC2
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys B81C2B5616F6420A9941EA093A92B150
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys FCAFAEF6798D7B51FF029F99A9898961
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 39806CFEDDCC55E686A49BCCD2972F23
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys 5592F5DBA26282D24D2B080EB438A4D7
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStorV.sys 934AF4D7C5F457B9F0743F4299B77B67
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 3C21F7E95FFCA33EF1A83AA33D9663CF
C:\Windows\system32\drivers\mwac.sys 167BCE00050B19DA25065335645A3C7A
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys F4A054BE78AF7F410129C4B64B07DC9B
C:\Windows\System32\DRIVERS\mrxsmb10.sys DEFFA295BD1895C6ED8E3078412AC60B
C:\Windows\System32\DRIVERS\mrxsmb20.sys 24D76ABE5DCAD22F19D105F76FDF0CE1
C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 3795DCD21F740EE799FB7223234215AF
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvraid.sys 3F3D04B1D08D43C16EA7963954EC768D
C:\Windows\system32\DRIVERS\nvstor.sys C99F251A5DE63C6F129CF71933ACED0F
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pnpmem.sys 0C0FF5946A63C75A3D4D0CB35F787B12
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 801371BA9782282892D00AADB08EE367
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Program Files\YTDownloader\sbmntr.sys A73C4FCFF3D58647ACE0AB8E8D78A7DD
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys 4F1E5B0FE7C8050668DBFADE8999AEFB
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2BA4EBC7DFBA845A1EDBE1F75913BE33
C:\Windows\System32\DRIVERS\srv2.sys DCE7E10FEAABD4CAE95948B3DE5340BB
C:\Windows\System32\DRIVERS\srvnet.sys B5665BAA2120B8A54E22E9CD07C05106
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 2CC3D75488ABD3EC628BBB9A4FC84EFC
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7551E91EA999EE9A8E9C331D5A9C31F3
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 8455C4ED038EFD09E99327F9D2D48FFA
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 1C333BFD60F2FED2C7AD5DAF533CB742
C:\Windows\System32\DRIVERS\usbhub.sys EE6EF93CCFA94FAE8C6AB298273D8AE2
C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS D8889D56E0D27E57ED4591837FE71D27
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vm3dmp.sys EDEA4B6A692F14588A4DA213C4AE4A29
C:\Windows\System32\DRIVERS\vmci.sys D644FFEA14778DDA59BDA8492BCED4B6
C:\Windows\System32\drivers\vmhgfs.sys C39E0E654DBEB1F5251EC1BE34DF71D2
C:\Windows\System32\DRIVERS\vmmouse.sys B6983C9957C2F613BF1C392EF934EB18
C:\Windows\System32\DRIVERS\vmusbmouse.sys 484CBCC4CCD0144E8410C17899441856
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsock.sys 843081D296F617DDFAE4D70F2564C852
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-07-25 07:26 - 2015-07-11 07:26 - 00000000 ____D () C:\FRST
2015-05-11 16:00 - 2015-05-14 16:00 - 00000000 ____D () C:\Program Files\tmp
2015-05-11 14:45 - 2015-05-13 14:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Buqomo
2015-05-11 14:45 - 2015-05-11 14:45 - 00000000 ____D () C:\Users\User\AppData\Local\pajofoys\xgbbpofj.exe
2015-05-11 13:26 - 2015-04-27 05:26 - 00027008 ____D () C:\Windows\System32\drivers\Diskdump.sys
2015-05-11 05:26 - 2014-04-27 09:18 - 00961024 _____ () C:\Windows\System32\CPFilters.dll
2015-05-11 05:26 - 2014-08-09 11:16 - 00552960 _____ () C:\Windows\System32\msdri.dll
2015-05-11 05:26 - 2014-08-09 11:14 - 00288256 _____ () C:\Windows\System32\MSNP.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00258560 _____ () C:\Windows\System32\mpg2splt.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00204288 _____ () C:\Windows\System32\MSNP.ax
2015-05-11 05:26 - 2014-08-09 11:14 - 00199680 _____ () C:\Windows\System32\mpg2splt.ax
2015-05-10 18:17 - 2015-05-10 18:17 - 00409600 _____ () C:\Users\User\AppData\Roaming\watermark.exe
2015-05-10 18:11 - 2015-05-10 18:15 - 00000000 ____D () C:\Users\User\AppData\Local\BrowserHelper
2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\Program Files\Send using Gmail
2015-05-10 18:03 - 2015-05-10 18:03 - 00000000 ____D () C:\Program Files\SegmentAssister
2015-05-09 11:36 - 2015-05-09 11:36 - 00000000 ____D () C:\_OTL
2015-05-09 07:25 - 2015-05-09 07:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-09 07:25 - 2015-05-09 07:25 - 00035064 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-05-09 07:14 - 2015-05-09 07:14 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-05-08 07:39 - 2015-05-08 07:39 - 00000000 ____D () C:\Users\User\Doctor Web
2015-05-08 07:24 - 2015-05-10 18:16 - 00000000 ___HD () C:\Users\User\Desktop\ufr_reports
2015-05-08 07:24 - 2015-05-08 07:25 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-05-08 07:22 - 2015-05-10 17:59 - 00000000 ____D () C:\Program Files\ZHPDiag
2015-05-05 18:22 - 2015-05-10 17:57 - 00001379 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-05 18:21 - 2015-05-05 18:21 - 00000182 _____ () C:\Windows\wininit.ini
2015-05-04 18:59 - 2015-05-09 07:12 - 00084320 _____ () C:\Windows\PFRO.log
2015-05-04 18:54 - 2015-05-08 07:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-05-04 18:54 - 2015-05-04 18:54 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-04 18:54 - 2015-05-04 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-04 18:54 - 2015-05-04 18:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-04 18:54 - 2015-04-14 08:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-05-04 18:54 - 2015-04-14 08:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-05-04 18:54 - 2015-04-14 08:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-05-04 11:18 - 2015-05-08 07:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ZHP
2015-05-03 21:51 - 2015-02-24 03:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-05-02 19:43 - 2015-05-02 18:49 - 00000000 ____D () C:\Windows\Panther
2015-05-02 19:42 - 2015-05-02 19:42 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-05-02 19:42 - 2009-07-14 02:38 - 00383562 __RSH () C:\bootmgr
2015-05-02 19:22 - 2015-05-02 19:22 - 00014834 _____ () C:\Users\User\Downloads\epm.xml
2015-05-02 19:16 - 2015-05-03 23:33 - 00000000 ____D () C:\Program Files\Google
2015-05-02 19:16 - 2015-05-02 19:17 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-05-02 19:15 - 2015-05-02 19:16 - 00000000 ____D () C:\Users\User\AppData\Local\Deployment
2015-05-02 19:15 - 2015-05-02 19:15 - 00057560 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-02 19:12 - 2015-05-08 07:31 - 26522761 _____ () c:\program files\microsoft\desktoplayer.exe
2015-05-02 18:58 - 2015-05-05 18:28 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2015-05-02 18:58 - 2015-05-02 18:58 - 00000000 _____ () C:\Windows\nsreg.dat
2015-05-02 18:57 - 2015-05-08 07:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-02 18:57 - 2015-05-05 18:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2015-05-02 18:57 - 2015-05-02 18:57 - 00002308 _____ () C:\Windows\mozver.dat
2015-05-02 18:55 - 2015-05-10 17:53 - 01524562 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-02 18:49 - 2015-05-10 18:12 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-05-02 18:49 - 2015-05-08 07:39 - 00000000 ____D () C:\users\User
2015-05-02 18:49 - 2015-05-02 18:49 - 00000020 ___SH () C:\Users\User\ntuser.ini
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Public\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Voisinage réseau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Voisinage d'impression
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Voisinage réseau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Voisinage d'impression
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Mes vidéos
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Mes images
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\Documents\Ma musique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Users\User\AppData\Local\Historique
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Modèles
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Menu Démarrer
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Favoris
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\ProgramData\Bureau
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 _SHDL () C:\Program Files\Fichiers communs
2015-05-02 18:49 - 2015-05-02 18:49 - 00000000 __SHD () C:\Recovery
2015-05-02 18:46 - 2015-05-09 07:24 - 00092756 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 18:44 - 2015-05-02 18:47 - 00001313 _____ () C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 18:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-10 17:49 - 2009-07-14 05:39 - 00017328 _____ () C:\Windows\setupact.log
2015-05-10 17:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-05-08 07:35 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-05-04 18:59 - 2009-07-14 05:34 - 00018432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:59 - 2009-07-14 05:34 - 00018432 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-04 18:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\PLA
2015-05-03 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-05-03 23:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-05-03 21:34 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-05-02 19:42 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2015-05-02 19:42 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2015-05-02 18:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-02 18:50 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\System32\restore
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 __RHD () C:\users\Default
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-02 18:49 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-02 18:48 - 2009-07-14 05:33 - 00266928 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-05-02 18:44 - 2009-07-14 05:34 - 00001774 _____ () C:\Windows\DtcInstall.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\8140.exe
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\MWF[BEST-HACK.RU 12.07.2013].exe
C:\Users\User\AppData\Local\Temp\sdfDB6.exe


Some zero byte size files/folders:
==========================
X:\windows\system32\Drivers\rasirda.sys

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-05-06 21:17:14

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3071.29 MB
Available physical RAM: 2375.15 MB
Total Pagefile: 6140.76 MB
Available Pagefile: 5475.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:25.91 GB) NTFS
Drive d: (Nouveau nom) (Fixed) (Total:270.45 GB) (Free:267.76 GB) NTFS
Drive e: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:270.35 GB) (Free:264.98 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:148.67 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DFD444C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

LastRegBack: 2015-05-02 18:43

==================== End Of Log ============================[/spoiler]

Link 2

[spoiler]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by User at on 11-05-2015 07:31:45
Running from c:\Users\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


========================= Accounts: ==========================

Administrateur (S-1-5-21-418592747-3305732625-987032889-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-418592747-3305732625-987032889-1002 - Limited - Enabled)
Invité (S-1-5-21-418592747-3305732625-987032889-501 - Limited - Disabled)
User (S-1-5-21-418592747-3305732625-987032889-1001 - Administrator - Enabled) => C:\Users\User
Default (S-1-5-21-418592747-3305732625-987032889-1002 - Administrator - Enabled) => C:\Users\Default

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-418592747-3305732625-987032889-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{90CB2C55-426D-0752-968D-9B0F1110202A}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 17.3.1.91 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-7060D (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850804-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Module de compatibilité pour Microsoft Office System 2007 (HKLM\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice.org 3.4 (HKLM\...\{2F90A789-DD1E-41CE-BFCA-BD78213BABC7}) (Version: 3.4.9590 - OpenOffice.org)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Windows Live ??? (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
WinRAR 4.20 beta 2 (64 ?) (HKLM\...\WinRAR archiver) (Version: 4.20.2 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

07-09-2014 01:00:45 Windows Update
07-09-2014 16:16:00 Windows Update
07-09-2014 19:21:31 Windows Update
08-09-2014 11:40:08 Windows Update
09-09-2014 01:00:32 Windows Update
09-09-2014 19:04:56 Windows Update
10-09-2014 19:44:35 Windows Update
14-09-2014 13:08:18 Windows Update
14-09-2014 18:45:52 Windows Update
19-09-2014 10:24:30 Windows Update
20-09-2014 01:00:34 Windows Update
21-09-2014 01:00:42 Windows Update
21-09-2014 11:50:18 Windows Update
11-12-2014 15:57:21 Windows Update
12-12-2014 17:35:28 Windows Update
12-12-2014 17:48:18 Opération de restauration
12-12-2014 18:46:00 Windows Update
13-12-2014 14:12:48 Opération de restauration
13-12-2014 14:25:06 Windows Update
13-12-2014 18:41:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-05-03 14:07 - 00000827 ____A E:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 zief.pl
127.0.0.1 ircgalaxy.pl

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {25E0F1E7-E96D-4DAE-993A-ED1816833D03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-418592747-3305732625-987032889-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)
Task: {31488E72-CA57-4C07-B0FB-D0F62787A9E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.)
Task: {397F3301-F220-4471-A1A8-D1753F8F3860} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe
Task: {9B380C50-6820-447E-B9AC-6FD84045D840} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-15] (Adobe Systems Incorporated)
Task: {B2066645-03BC-4DE4-AE8C-9781EED97C20} - System32\Tasks\Programme de mise à jour en ligne de Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {D0EABEE3-632F-40CE-9B96-0F3F1FC69D16} - System32\Tasks\{BA5F404C-00F7-4903-80DB-8264D82A4B52} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.9.0.114&amp;LastError=12002
Task: {D2D5F25F-3FD1-41FE-B208-50FB01492BE8} - System32\Tasks\{16FF7EC4-E881-4469-B992-565BE620AB91} => Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/fr/go/help.faq.installer?LastError=1618
Task: {DCCEC415-1244-4F77-9FEA-522D6527FD04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F22902D0-941B-4FEE-A245-37D5B32CCBAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-418592747-3305732625-987032889-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-22 16:05 - 2013-02-22 03:04 - 00157696 _____ () C:\Windows\ERUNT.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files\Uninstaller.exe:crc
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:F63A059B
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:313F7672
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:BABCFD54


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-257537759-725223809-3029770324-1006\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-257537759-725223809-3029770324-1006\Software\Classes\exefile: "%1" %* <===== ATTENTION!


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-418592747-3305732625-987032889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A17AF945-DC37-4D29-9DBB-FCA8D6B1733E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9005C965-BA08-4D5C-9E10-6CF4593C69CE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7178515F-30EC-4214-BA03-717B1BA8C0DB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4988AD7B-2A42-46A0-865E-64D2837D5159}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5DF881C4-E032-4A73-B878-C9FFF147C2BD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D3F04678-5069-4707-AC90-23F86F3C5175}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{048DA674-4DA8-4B7A-B13C-AD4DC278D08F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2015 08:10:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 22%
Total physical RAM: 3071.29 MB
Available physical RAM: 2375.15 MB
Total Pagefile: 6140.76 MB
Available Pagefile: 5475.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:25.91 GB) NTFS
Drive d: (Nouveau nom) (Fixed) (Total:270.45 GB) (Free:267.76 GB) NTFS
Drive e: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:270.35 GB) (Free:264.98 GB) NTFS
Drive g: () (Fixed) (Total:195.31 GB) (Free:148.67 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DFD444C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
[/spoiler]


I hope that's right ;) @ ++++++
