Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01 Ran by Naoufel (administrator) on NAOUFEL-TOSH on 01-01-2014 19:10:25 Running from C:\Users\Naoufel\Desktop Windows 7 Home Premium (X64) OS Language: French Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (Toshiba Europe GmbH) C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-11] (Toshiba Europe GmbH) HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.) HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [505696 2009-11-05] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-03-17] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH) HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKCU\...\Policies\system: [DisableCMD] 0 HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKCU\...\Policies\Explorer: [NoFolderOptions] 0 HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [4581280 2010-03-03] (TOSHIBA) HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [4581280 2010-03-03] (TOSHIBA) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) Startup: C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: 213.110.195.249:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {065AF15D-B528-4BF1-8E1C-6CE9F71C03C5} URL = SearchScopes: HKCU - {4D475769-CB2F-495C-A8B4-D562943A30B7} URL = http://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms} SearchScopes: HKCU - {65947FF9-C1E5-46B8-B075-9EA21559CFA5} URL = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=crm&q={searchTerms}&locale=&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^FR&apn_uid=BA236743-BBE5-4F2B-9FBB-F5E00B04480B&apn_sauid=9E9C728C-EC00-4B75-9709-B28A87647516& BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Naoufel\AppData\Local\temp\RarSFX0\tools\BitCometBHO_1.5.4.11.dll (BitComet) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll () BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240 FireFox: ======== FF ProfilePath: C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel FF Homepage: hxxp://www.google.fr/ FF NetworkProxy: "backup.ftp", "41.89.96.19" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "41.89.96.19" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "41.89.96.19" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "41.89.96.19" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "41.89.96.19" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "41.89.96.19" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "41.89.96.19" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Naoufel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\searchplugins\wot-safe-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml FF Extension: EPUBReader - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF Extension: DownloadHelper - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: Old Profile Back - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\oldprof@oldprofile.me.xpi FF Extension: TimeLineRemove.Com - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\tl_r@jetpack.xpi FF Extension: Ask Toolbar - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi FF Extension: عارض PDF - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\uriloader@pdf.js.xpi FF Extension: X-notifier lite (for Gmail, Hotmail, Yahoo) - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\xnotifier.lite@tobwithu.org.xpi FF Extension: PDF Download - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi FF Extension: X-notifier - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi FF Extension: No Name - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi FF Extension: Procon Latte Content Filter - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}.xpi FF Extension: Modify Headers - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi FF Extension: Scribd PDF Downloader - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{c2921baa-9930-4d73-a203-f69db858f139}.xpi FF Extension: Adblock Plus - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Greasemonkey - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: User Agent Switcher - C:\Users\Naoufel\AppData\Roaming\Mozilla\Firefox\Profiles\47ylrki8.Naoufel\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Ma-Config.com plugin) - C:\Program Files (x86)\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0 CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0 CHR Extension: (ShoppingChip) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fccmcmpigpkeojndnlkmjkihcpdkljoh\1.1 CHR Extension: (Safe Money) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0 CHR Extension: (Dangerous Websites Blocker) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0 CHR Extension: (Virtual Keyboard) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4816_0 CHR Extension: (Freemake Video Converter) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0 CHR Extension: (Google Wallet) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR Extension: (Anti-Banner) - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0 CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\serach.crx CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\Naoufel\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82944 2012-03-15] (Freemake) S3 HDDSvc; C:\Program Files (x86)\HDInspectorPortable\App\HDInspector\HDDSvc.exe [484304 2012-02-28] (AltrixSoft (http://www.altrixsoft.com/)) R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2768208 2013-10-25] (CybelSoft) S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH) ==================== Drivers (Whitelisted) ==================== S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.) R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-07-30] (Devguru Co., Ltd) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.) S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2013-10-23] (CybelSoft) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 SMCWGU; C:\Windows\System32\DRIVERS\SMCWGU.sys [558592 2007-02-05] (SMC Corporation) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys [x] U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO) S3 wanatw; system32\DRIVERS\wanatw64.sys [x] ========================== Drivers MD5 ======================= C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\System32\DRIVERS\agrsm64.sys 98022774D9930ECBB292E70DB7601DF6 C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atikmdag.sys F05B22CE901FC26AE55A1A27AA674D96 C:\Windows\System32\DRIVERS\atikmpag.sys ED25D58581B5A28593C277F482FCCD62 C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrxusb.sys 788914C42AD8318F1DD7A565EAFFB049 C:\Windows\System32\DRIVERS\atikmdag.sys F05B22CE901FC26AE55A1A27AA674D96 C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwl664.sys 2D659B569A76CDB83B815675A80D7096 C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98 C:\Windows\System32\drivers\CHDRT64.sys 25C58EE97BE0416A373E3E4F855206B5 C:\Windows\System32\drivers\CHDMI64.sys 89C99AB4AE9535F727791592D84D4821 C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CSCrySec.sys 04199CA5C4A6F6E935906A74EAFCA8E7 C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys 7D7F90460F1309B5205BF8CDFAD63E42 C:\Windows\System32\DRIVERS\ctxusbm.sys EB7439918F3E04B51CD8822FD8C8E018 C:\Windows\System32\DRIVERS\CVirtA64.sys 44BDDEB03C84A1C993C992FFB5700357 C:\Windows\system32\Drivers\CVPNDRVA.sys CC8E52DAA9826064BA464DBE531F2BB5 C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\dgderdrv.sys DEF365F0F6E017888C4B869D3BA4B8E0 C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\dne64x.sys 05CB5910B3CA6019FC3CCA815EE06FFB C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064 C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C C:\Windows\system32\DRIVERS\FwLnk.sys 60ACB128E64C35C2B4E4AAB1B0A5C293 C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys 85977CD13FC16069CE0AF7943A811775 C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kl1.sys 1C6256096A341051509D36AD724830BE C:\Windows\System32\DRIVERS\klif.sys 788E5F92721849A17BD64883C49EB825 C:\Windows\System32\DRIVERS\klim6.sys 9BD99E1AB3F664120AB95C35F9EC1EB0 C:\Windows\System32\DRIVERS\klkbdflt.sys AEB50941C6D67128B14F88DB9917C4E0 C:\Windows\System32\DRIVERS\klmouflt.sys 72CF64FBF38CD681FA7F37176047E967 C:\Windows\System32\DRIVERS\kltdi.sys 45ECF097BC6330C2054D7D43B7AD822B C:\Windows\System32\DRIVERS\kneps.sys 1FCB657B581CC4DF17FD6571F93602DE C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5 C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x64.sys 7867CACBF7B23AD04F5D18657BF15FA2 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys 8506CD0516D03955BC3C23FCF051C0C9 C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910 C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\drivers\ccdcmbx64.sys 907B5E1E4A592E5EDC5E4CCBDE4863C2 C:\Windows\System32\drivers\ccdcmbox64.sys 41C1AC1F3613435EB32D67BCB80A5FA5 C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8 C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pgeffect.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys 907C4464381B5EBDFDC60F6C7D0DEDFC C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SMCWGU.sys 0760C01A91F04843577360B59AAFC74D C:\Windows\SysWow64\speedfan.sys 12583AF6CBE0050651EAF2723B3AD7B3 C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SynTP.sys 470C47DABA9CA3966F0AB3F835D7D135 C:\Windows\System32\DRIVERS\tap0901.sys F9BE29D5E097F03F81D3CD12B794CB66 C:\Windows\System32\DRIVERS\taphss.sys F33FDC72298DF4BF9813A55D21F4EB31 C:\Windows\System32\DRIVERS\taphss6.sys BD06799129D17F9BE08E2F6C168BBCF0 C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29 C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\Drivers\TFsExDisk.sys CE4B6956E4E12492715A53076E58761F C:\Windows\SysWow64\Drivers\TFsExDisk.sys CE4B6956E4E12492715A53076E58761F C:\Windows\System32\DRIVERS\tosporte.sys 8021F63311797085949FA387F7C83583 C:\Windows\System32\DRIVERS\tosrfbd.sys 1B09357180034639E62CF745E77AC66E C:\Windows\System32\Drivers\tosrfbnp.sys 62512B5277D88600F8BD4B7AEC43569D C:\Windows\System32\Drivers\tosrfcom.sys C523A9186C39D65CC9ADEBB2E1B93CCD C:\Windows\System32\DRIVERS\tosrfec.sys 11699D47B3491D86249C168496D55C92 C:\Windows\System32\DRIVERS\Tosrfhid.sys 451B8C1815C6CC39650AF916C2A382CD C:\Windows\System32\DRIVERS\tosrfnds.sys B6FDC3C76FFE9C5171EEA9C37EA367C2 C:\Windows\System32\drivers\tosrfsnd.sys E1E045240C1184FA6628F3C7E7FF85D8 C:\Windows\System32\DRIVERS\tosrfusb.sys DE44A2A2459D0504F146E599F4BD2074 C:\Windows\System32\drivers\truecrypt.sys C4238AF5AAF167C3E5113F98F5427A0B C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit C:\Windows\System32\DRIVERS\TVALZFL.sys 9C7191F4B2E49BFF47A6C1144B5923FA C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 4E93C8496359E97830C75AC36393654D C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9 C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66 C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC C:\Windows\system32\drivers\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27 C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbser.sys 0F0C72A657C622286013788B886968AD C:\Windows\system32\drivers\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0 C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9 C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1 C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== Error(0) reading file: "C:\Windows\system32\ " 2014-01-01 19:10 - 2014-01-01 19:11 - 00054544 _____ C:\Users\Naoufel\Desktop\FRST.txt 2014-01-01 19:10 - 2014-01-01 19:10 - 00003359 _____ C:\Users\Naoufel\Desktop\AdwCleaner[S1].txt 2014-01-01 19:10 - 2014-01-01 19:10 - 00000000 ____D C:\FRST 2014-01-01 19:09 - 2014-01-01 18:59 - 01931302 _____ (Farbar) C:\Users\Naoufel\Desktop\FRST64.exe 2014-01-01 17:34 - 2014-01-01 17:38 - 00760063 _____ (Farbar) C:\Users\Naoufel\Desktop\MiniToolBox.exe 2014-01-01 16:22 - 2014-01-01 16:22 - 00000000 ____D C:\Users\k\AppData\Local\Macromedia 2014-01-01 15:45 - 2014-01-01 15:45 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e 2014-01-01 15:30 - 2014-01-01 15:31 - 00000000 ____D C:\Program Files (x86)\Cisco 2014-01-01 15:30 - 2014-01-01 15:30 - 00000000 ____D C:\Users\Naoufel\AppData\Roaming\InstallShield 2014-01-01 15:26 - 2013-07-18 13:54 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys 2014-01-01 14:38 - 2014-01-01 18:05 - 00000110 _____ C:\Users\Naoufel\Desktop\Nouveau document texte.txt 2014-01-01 14:31 - 2014-01-01 14:31 - 00000916 _____ C:\Users\Public\Desktop\Ma-Config.com - Démarrer la détection.lnk 2014-01-01 14:31 - 2014-01-01 14:31 - 00000000 ____D C:\Program Files\ma-config.com 2014-01-01 14:28 - 2014-01-01 14:29 - 05819160 _____ C:\Users\Naoufel\Desktop\MaConfigx64_7_1_1_0.exe 2014-01-01 14:11 - 2014-01-01 14:11 - 00002187 _____ C:\Users\k\Desktop\Safe Money.lnk 2014-01-01 14:10 - 2014-01-01 14:10 - 00000000 ____D C:\Users\k\AppData\Roaming\ICAClient 2014-01-01 14:10 - 2014-01-01 14:10 - 00000000 ____D C:\Users\k\AppData\Local\Citrix 2013-12-30 23:57 - 2013-12-31 00:02 - 00000068 _____ C:\Users\Naoufel\Desktop\Reset-FREE-WIFI.bat 2013-12-26 12:23 - 2013-12-26 12:23 - 00001045 _____ C:\Users\Naoufel\Kaspersky PURE 3.0.lnk 2013-12-26 12:23 - 2013-11-11 19:25 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll 2013-12-26 12:22 - 2013-12-26 12:22 - 00000000 ____D C:\Windows\ELAMBKUP 2013-12-26 12:22 - 2013-12-26 12:22 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-12-26 12:22 - 2013-11-11 19:25 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2013-12-26 12:22 - 2013-11-11 19:25 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2013-12-26 12:22 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys 2013-12-26 12:22 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys 2013-12-26 08:13 - 2013-12-26 08:17 - 00001230 _____ C:\Windows\system32\Journal of Endodontics Volume 22 issue 4 1996 [doi 10.1016%2Fs0099-2399%2896%2980098-7] Domenico Ricucci; Elizeu Alvaro Pascon; Kaare Langeland -- Long-term follow-up on C-shaped mandibular molars.lnk 2013-12-26 08:10 - 2013-12-26 08:13 - 00001260 _____ C:\Windows\system32\Journal of Endodontics Volume 23 issue 2 1997 [doi 10.1016%2Fs0099-2399%2897%2980254-3] Kleoniki Lyroudia; Georgios Samakovitis; Ioannis Pitas; Theodoro -- 3D reconstruction of two C-shape mandibula.lnk 2013-12-24 08:33 - 2013-12-24 08:33 - 00001091 _____ C:\Users\Naoufel\Kaspersky Internet Security.lnk 2013-12-24 08:28 - 2014-01-01 18:06 - 00004202 _____ C:\Windows\PFRO.log 2013-12-14 20:49 - 2014-01-01 00:56 - 00717844 _____ C:\Users\Naoufel\Desktop\Classeur2.xlsx 2013-12-11 13:28 - 2013-12-11 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-07 00:52 - 2013-12-07 11:46 - 00000000 ____D C:\Users\Naoufel\Desktop\PANEL ==================== One Month Modified Files and Folders ======= 2014-01-01 19:11 - 2014-01-01 19:10 - 00054544 _____ C:\Users\Naoufel\Desktop\FRST.txt 2014-01-01 19:11 - 2011-02-26 02:08 - 01194561 _____ C:\Windows\WindowsUpdate.log 2014-01-01 19:10 - 2014-01-01 19:10 - 00003359 _____ C:\Users\Naoufel\Desktop\AdwCleaner[S1].txt 2014-01-01 19:10 - 2014-01-01 19:10 - 00000000 ____D C:\FRST 2014-01-01 19:08 - 2011-02-18 17:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2014-01-01 19:07 - 2013-11-28 10:39 - 00006384 _____ C:\Windows\setupact.log 2014-01-01 19:07 - 2013-06-23 18:44 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-01 19:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-01 19:06 - 2013-10-22 05:31 - 00000000 ____D C:\AdwCleaner 2014-01-01 19:06 - 2009-07-14 16:24 - 00748274 _____ C:\Windows\system32\perfh00C.dat 2014-01-01 19:06 - 2009-07-14 16:24 - 00149882 _____ C:\Windows\system32\perfc00C.dat 2014-01-01 19:06 - 2009-07-14 06:13 - 01670280 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-01 19:06 - 2009-07-14 05:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-01 19:06 - 2009-07-14 05:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-01 19:02 - 2013-06-23 18:44 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-01 18:59 - 2014-01-01 19:09 - 01931302 _____ (Farbar) C:\Users\Naoufel\Desktop\FRST64.exe 2014-01-01 18:06 - 2013-12-24 08:28 - 00004202 _____ C:\Windows\PFRO.log 2014-01-01 18:05 - 2014-01-01 14:38 - 00000110 _____ C:\Users\Naoufel\Desktop\Nouveau document texte.txt 2014-01-01 17:38 - 2014-01-01 17:34 - 00760063 _____ (Farbar) C:\Users\Naoufel\Desktop\MiniToolBox.exe 2014-01-01 16:22 - 2014-01-01 16:22 - 00000000 ____D C:\Users\k\AppData\Local\Macromedia 2014-01-01 16:17 - 2012-03-09 11:07 - 00000131 _____ C:\Windows\SysWOW64\_WKERNEL.SYL 2014-01-01 15:53 - 2013-07-31 17:48 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3047093442-1903567900-3731960118-1000UA.job 2014-01-01 15:52 - 2011-02-25 23:38 - 00003960 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7FD7B8C0-EEC5-4D24-89CC-578BB94DCA73} 2014-01-01 15:45 - 2014-01-01 15:45 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e 2014-01-01 15:44 - 2010-05-10 06:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2014-01-01 15:31 - 2014-01-01 15:30 - 00000000 ____D C:\Program Files (x86)\Cisco 2014-01-01 15:30 - 2014-01-01 15:30 - 00000000 ____D C:\Users\Naoufel\AppData\Roaming\InstallShield 2014-01-01 15:30 - 2010-11-09 18:15 - 04171328 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS 2014-01-01 15:30 - 2010-11-09 18:15 - 03896632 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2014-01-01 15:30 - 2010-11-09 18:15 - 03561272 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2014-01-01 15:30 - 2010-11-09 18:15 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll 2014-01-01 15:30 - 2010-11-09 18:15 - 00006656 _____ C:\Windows\system32\bcmwlrc.dll 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\th-TH 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sl-SI 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sk-SK 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\ro-RO 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\lv-LV 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\lt-LT 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\hr-HR 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\he-IL 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\et-EE 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\bg-BG 2014-01-01 15:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\ar-SA 2014-01-01 14:31 - 2014-01-01 14:31 - 00000916 _____ C:\Users\Public\Desktop\Ma-Config.com - Démarrer la détection.lnk 2014-01-01 14:31 - 2014-01-01 14:31 - 00000000 ____D C:\Program Files\ma-config.com 2014-01-01 14:31 - 2011-02-18 15:57 - 00000000 ____D C:\ProgramData\ma-config.com 2014-01-01 14:31 - 2011-02-18 15:57 - 00000000 ____D C:\Program Files (x86)\ma-config.com 2014-01-01 14:29 - 2014-01-01 14:28 - 05819160 _____ C:\Users\Naoufel\Desktop\MaConfigx64_7_1_1_0.exe 2014-01-01 14:14 - 2012-02-17 09:42 - 00000000 ____D C:\Users\k\AppData\Local\Mozilla 2014-01-01 14:11 - 2014-01-01 14:11 - 00002187 _____ C:\Users\k\Desktop\Safe Money.lnk 2014-01-01 14:10 - 2014-01-01 14:10 - 00000000 ____D C:\Users\k\AppData\Roaming\ICAClient 2014-01-01 14:10 - 2014-01-01 14:10 - 00000000 ____D C:\Users\k\AppData\Local\Citrix 2014-01-01 14:10 - 2012-02-17 09:39 - 00178536 _____ C:\Users\k\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-01 14:10 - 2012-02-17 09:39 - 00001430 _____ C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-01 14:10 - 2012-02-17 09:39 - 00001396 _____ C:\Users\k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-01-01 12:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2014-01-01 02:34 - 2013-11-27 16:41 - 20789187 _____ C:\Users\Naoufel\Desktop\Classeur1 (version 1).xlsx 2014-01-01 02:00 - 2011-02-19 11:12 - 00000000 ____D C:\Users\Naoufel\AppData\Local\Adobe 2014-01-01 00:56 - 2013-12-14 20:49 - 00717844 _____ C:\Users\Naoufel\Desktop\Classeur2.xlsx 2013-12-31 22:41 - 2013-07-31 17:48 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3047093442-1903567900-3731960118-1000Core.job 2013-12-31 11:48 - 2013-11-10 15:44 - 00000000 ____D C:\Users\Naoufel\Desktop\Nouveau dossier (5) 2013-12-31 00:02 - 2013-12-30 23:57 - 00000068 _____ C:\Users\Naoufel\Desktop\Reset-FREE-WIFI.bat 2013-12-30 17:34 - 2012-09-01 21:59 - 00055602 _____ C:\Users\Naoufel\Desktop\IP.txt 2013-12-30 16:53 - 2012-10-08 17:18 - 00000000 ____D C:\Users\Naoufel\Desktop\Demandes 2013-12-27 18:39 - 2012-06-03 03:07 - 00000000 ____D C:\Users\Naoufel\Desktop\Nouveau dossier (2) 2013-12-26 12:29 - 2011-02-18 15:25 - 00000000 ____D C:\Users\Naoufel 2013-12-26 12:23 - 2013-12-26 12:23 - 00001045 _____ C:\Users\Naoufel\Kaspersky PURE 3.0.lnk 2013-12-26 12:22 - 2013-12-26 12:22 - 00000000 ____D C:\Windows\ELAMBKUP 2013-12-26 12:22 - 2013-12-26 12:22 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-12-26 08:17 - 2013-12-26 08:13 - 00001230 _____ C:\Windows\system32\Journal of Endodontics Volume 22 issue 4 1996 [doi 10.1016%2Fs0099-2399%2896%2980098-7] Domenico Ricucci; Elizeu Alvaro Pascon; Kaare Langeland -- Long-term follow-up on C-shaped mandibular molars.lnk 2013-12-26 08:13 - 2013-12-26 08:10 - 00001260 _____ C:\Windows\system32\Journal of Endodontics Volume 23 issue 2 1997 [doi 10.1016%2Fs0099-2399%2897%2980254-3] Kleoniki Lyroudia; Georgios Samakovitis; Ioannis Pitas; Theodoro -- 3D reconstruction of two C-shape mandibula.lnk 2013-12-25 22:25 - 2013-10-22 16:55 - 00000000 ____D C:\Users\Naoufel\Desktop\Nouveau dossier (4) 2013-12-25 00:28 - 2011-11-08 16:44 - 00039865 _____ C:\Users\Naoufel\06-11 14-00 61178.txt 2013-12-24 08:33 - 2013-12-24 08:33 - 00001091 _____ C:\Users\Naoufel\Kaspersky Internet Security.lnk 2013-12-20 21:13 - 2011-02-19 11:13 - 00000000 ____D C:\Users\Naoufel\AppData\Roaming\Skype 2013-12-14 21:20 - 2013-06-23 18:44 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-13 16:20 - 2011-03-31 17:23 - 00032138 _____ C:\Users\Naoufel\Downloads\BUDGET.xlsx 2013-12-12 15:46 - 2013-07-19 12:34 - 00000000 ____D C:\Users\Naoufel\Desktop\EBOOK---Gouvernement d'entreprise 2013-12-12 08:00 - 2012-05-02 21:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-11 13:28 - 2013-12-11 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-10 16:49 - 2013-11-23 19:54 - 00000000 ____D C:\Users\Naoufel\Desktop\Supersector 2013-12-09 08:01 - 2009-07-14 06:08 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-07 11:46 - 2013-12-07 00:52 - 00000000 ____D C:\Users\Naoufel\Desktop\PANEL 2013-12-07 10:31 - 2012-04-14 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-07 10:31 - 2011-05-14 08:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\Users\Naoufel\hotspotshield-setup.exe C:\Users\Naoufel\Kodak Easyshare CX7525 Zoom Windows 98-Me-2000-XP.exe Some content of TEMP: ==================== C:\Users\Naoufel\AppData\Local\temp\294823_.exe C:\Users\Naoufel\AppData\Local\temp\APNSetup.exe C:\Users\Naoufel\AppData\Local\temp\Foxit Updater.exe C:\Users\Naoufel\AppData\Local\temp\genteert.dll C:\Users\Naoufel\AppData\Local\temp\HssInstaller64.exe C:\Users\Naoufel\AppData\Local\temp\Quarantine.exe C:\Users\Naoufel\AppData\Local\temp\sfamcc00001.dll C:\Users\Naoufel\AppData\Local\temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== BCD ================================ Gestionnaire de d‚marrage Windows --------------------------------- identificateur {bootmgr} device partition=\Device\HarddiskVolume1 path \bootmgr description Windows Boot Manager locale fr-FR inherit {globalsettings} default {current} resumeobject {c42d5807-5bec-11df-865f-00266c464e43} displayorder {current} {8b778d9f-e8aa-11e0-98b6-bcb25cc3cc88} toolsdisplayorder {memdiag} timeout 3 Chargeur de d‚marrage Windows ----------------------------- identificateur {8b778d9f-e8aa-11e0-98b6-bcb25cc3cc88} device partition=G: path \Windows\system32\winload.exe description Microsoft Windows Vista locale fr-FR inherit {bootloadersettings} osdevice partition=G: systemroot \Windows resumeobject {8b778da0-e8aa-11e0-98b6-bcb25cc3cc88} nx OptIn Chargeur de d‚marrage Windows ----------------------------- identificateur {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale fr-FR inherit {bootloadersettings} recoverysequence {c42d5809-5bec-11df-865f-00266c464e43} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {c42d5807-5bec-11df-865f-00266c464e43} nx OptIn Chargeur de d‚marrage Windows ----------------------------- identificateur {c42d580e-5bec-11df-865f-00266c464e43} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{c42d580f-5bec-11df-865f-00266c464e43} path \windows\system32\winload.exe description Windows Recovery Environment (r‚cup‚r‚) locale osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{c42d580f-5bec-11df-865f-00266c464e43} systemroot \windows winpe Yes Reprendre … partir de la mise en veille prolong‚e ------------------------------------------------- identificateur {8b778da0-e8aa-11e0-98b6-bcb25cc3cc88} device partition=G: path \Windows\system32\winresume.exe description Windows Resume Application locale fr-FR inherit {resumeloadersettings} filepath \hiberfil.sys pae Yes debugoptionenabled No Reprendre … partir de la mise en veille prolong‚e ------------------------------------------------- identificateur {c42d5807-5bec-11df-865f-00266c464e43} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale fr-FR inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Testeur de m‚moire Windows -------------------------- identificateur {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Diagnostics m‚moire Windows locale fr-FR inherit {globalsettings} badmemoryaccess Yes ParamŠtres EMS -------------- identificateur {emssettings} bootems Yes ParamŠtres du d‚bogueur ----------------------- identificateur {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Erreurs de m‚moire RAM ---------------------- identificateur {badmemory} ParamŠtres globaux ------------------ identificateur {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} ParamŠtres du chargeur de d‚marrage ----------------------------------- identificateur {bootloadersettings} inherit {globalsettings} ParamŠtres de l'hyperviseur ------------------- identificateur {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 ParamŠtres du chargeur de reprise --------------------------------- identificateur {resumeloadersettings} inherit {globalsettings} Options de p‚riph‚rique ----------------------- identificateur {c42d580a-5bec-11df-865f-00266c464e43} description Ramdisk Options ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi Options de p‚riph‚rique ----------------------- identificateur {c42d580f-5bec-11df-865f-00266c464e43} ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2013-12-20 19:31 ==================== End Of Log ============================