cjoint

Document format: text/plain

Preview

OTL logfile created on: 25/10/2015 21:46:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 45,81% Memory free
5,51 Gb Paging File | 2,84 Gb Available in Paging File | 51,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,07 Gb Total Space | 7,93 Gb Free Space | 1,36% Space Free | Partition Type: NTFS
Drive D: | 3,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 14,45 Gb Total Space | 4,39 Gb Free Space | 30,39% Space Free | Partition Type: NTFS

Computer Name: NASSER-PC | User Name: nasser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/10/25 21:45:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\OTL.exe
PRC - [2015/10/20 15:08:28 | 000,811,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/10/20 10:49:48 | 001,278,504 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2015/10/20 10:49:42 | 000,866,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2015/09/28 22:41:47 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.28.17\GoogleCrashHandler.exe
PRC - [2015/09/14 08:25:38 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/09/11 16:34:16 | 018,484,496 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe
PRC - [2015/09/11 16:34:16 | 005,702,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/09/11 16:22:54 | 000,230,672 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe
PRC - [2015/09/01 14:41:42 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
PRC - [2015/08/25 23:56:35 | 006,111,824 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/08/09 23:53:35 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/04/07 20:34:52 | 000,144,008 | ---- | M] (© 2015 Microsoft Corporation) -- C:\Users\nasser\AppData\Local\Microsoft\BingSvc\BingSvc.exe
PRC - [2015/03/09 13:51:49 | 000,060,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\SFR\Pack_Securite\apps\CCF_Reputation\fsorsp.exe
PRC - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/13 10:35:52 | 000,431,000 | ---- | M] (SFR) -- C:\Program Files (x86)\SFR\Controle Parental\bin\OPTGui.exe
PRC - [2013/04/23 12:32:00 | 000,741,232 | ---- | M] (SFR) -- C:\Program Files (x86)\SFR\Controle Parental\bin\optproxy.exe
PRC - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/17 09:51:36 | 000,240,640 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2013/01/17 09:48:36 | 000,335,360 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrHis.exe
PRC - [2013/01/17 09:47:34 | 000,373,248 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2013/01/17 09:46:10 | 001,321,984 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2013/01/17 09:42:52 | 000,478,208 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrPas.exe
PRC - [2013/01/17 09:41:26 | 000,392,704 | ---- | M] (Volkswagen AG) -- C:\ElsaWin\bin\LcSvrDba.exe
PRC - [2012/06/27 07:42:30 | 001,211,392 | ---- | M] (VOLKSWAGEN AG) -- C:\srv_apps\bbgate\BBGate.exe
PRC - [2012/05/22 08:25:58 | 000,163,536 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\SFR\Pack_Securite\fshoster32.exe
PRC - [2012/03/15 17:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
PRC - [2009/09/10 16:01:48 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
PRC - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
PRC - [2008/06/26 08:30:12 | 000,020,480 | ---- | M] () -- C:\srv_apps\bbgate\Apache.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/10/20 15:08:27 | 016,493,384 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
MOD - [2015/10/20 15:08:24 | 001,532,744 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
MOD - [2015/10/20 15:08:22 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
MOD - [2015/09/01 14:41:42 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MOD - [2015/08/09 23:53:51 | 000,102,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/08/09 23:53:39 | 000,123,976 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/05/13 14:27:13 | 018,753,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\dba6e73775e7b823a02925f063bd2983\PresentationFramework.ni.dll
MOD - [2015/05/13 14:27:00 | 011,014,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f6fee9c78602505e874ec0807e3b1a51\PresentationCore.ni.dll
MOD - [2015/05/13 14:26:52 | 003,904,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll
MOD - [2015/05/13 14:26:46 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.Core.ni.dll
MOD - [2015/05/13 14:26:40 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d\System.Configuration.ni.dll
MOD - [2015/03/06 19:52:56 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/01/28 04:52:14 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MOD - [2015/01/28 04:50:43 | 007,416,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\59dc72440f000eead00c5c580bed26b3\System.Data.ni.dll
MOD - [2015/01/28 03:46:42 | 000,396,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8092ad8ffb37d779da3984d6e11e7516\System.Xml.Linq.ni.dll
MOD - [2015/01/28 03:44:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\825c2900a23128a2fd3de768abc9b023\PresentationFramework-SystemData.ni.dll
MOD - [2015/01/28 03:14:03 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll
MOD - [2015/01/28 03:13:02 | 002,855,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll
MOD - [2015/01/28 03:12:17 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll
MOD - [2015/01/28 03:12:06 | 000,458,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\5e3e26e6c81809aab854ea76a884fde2\PresentationFramework.Aero.ni.dll
MOD - [2015/01/28 03:11:25 | 000,146,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll
MOD - [2015/01/28 03:11:22 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MOD - [2009/08/06 15:15:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2015/08/09 23:53:35 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2015/07/23 01:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2015/10/17 15:11:37 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/10/05 08:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/09/14 08:25:38 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/09/11 16:34:16 | 005,702,416 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/06/03 15:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/05/06 08:16:10 | 000,108,032 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2015/03/25 15:43:17 | 000,265,808 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2015/03/09 13:51:49 | 000,060,456 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2014/04/11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/04/23 12:32:00 | 000,741,232 | ---- | M] (SFR) [Auto | Running] -- C:\Program Files (x86)\SFR\Controle Parental\bin\optproxy.exe -- (OPTENET_FILTER)
SRV - [2013/02/19 21:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/17 09:51:36 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2013/01/17 09:48:36 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2013/01/17 09:47:34 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2013/01/17 09:46:10 | 001,321,984 | ---- | M] (Volkswagen AG) [On_Demand | Running] -- C:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2013/01/17 09:42:52 | 000,478,208 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2013/01/17 09:41:26 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Running] -- C:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2012/06/27 07:42:30 | 001,211,392 | ---- | M] (VOLKSWAGEN AG) [Auto | Running] -- C:\srv_apps\bbgate\BBGate.exe -- (BBGate)
SRV - [2012/05/22 08:25:58 | 000,163,536 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\fshoster32.exe -- (fshoster)
SRV - [2012/03/15 17:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2012/03/15 17:00:38 | 000,914,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/04/24 21:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2008/06/26 08:30:12 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\srv_apps\bbgate\Apache.exe -- (BBGate-HTTPD)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/10/25 13:51:26 | 000,035,064 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:[b]64bit:[/b] - [2015/10/05 08:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2015/10/05 08:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2015/09/16 08:59:00 | 000,066,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:[b]64bit:[/b] - [2015/08/13 23:56:22 | 001,048,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:26 | 000,150,672 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:25 | 000,447,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:25 | 000,274,808 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:24 | 000,090,968 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:24 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:24 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2015/08/09 23:54:21 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2014/12/23 22:23:09 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2014/10/08 17:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2014/10/08 17:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2014/10/08 17:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2014/10/08 17:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2014/01/22 08:52:12 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:[b]64bit:[/b] - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2014/01/02 23:30:53 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2013/09/06 14:25:40 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2013/05/02 05:23:42 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:[b]64bit:[/b] - [2013/05/02 05:23:42 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:[b]64bit:[/b] - [2013/05/02 05:23:42 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:[b]64bit:[/b] - [2013/04/04 10:06:24 | 000,109,512 | ---- | M] (Optenet) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\OptMon64.sys -- (OptMon)
DRV:[b]64bit:[/b] - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2013/02/05 19:59:00 | 000,063,376 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UPAUSB.sys -- (CYUSB3)
DRV:[b]64bit:[/b] - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/06/22 15:46:55 | 000,017,216 | ---- | M] (http://www.autoelectric.cn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MiniProWdf.sys -- (MiniProWdf)
DRV:[b]64bit:[/b] - [2012/03/15 17:00:38 | 000,095,112 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:[b]64bit:[/b] - [2012/03/15 17:00:38 | 000,046,024 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/10 09:36:44 | 000,986,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:[b]64bit:[/b] - [2011/04/19 08:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2010/11/25 05:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:[b]64bit:[/b] - [2010/11/20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:[b]64bit:[/b] - [2010/11/20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2010/11/20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:[b]64bit:[/b] - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/08/24 13:32:00 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:[b]64bit:[/b] - [2010/06/16 22:01:30 | 000,070,984 | ---- | M] (Ross-Tech LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RT-USB64.SYS -- (RT-USB)
DRV:[b]64bit:[/b] - [2010/03/30 13:27:30 | 000,069,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:[b]64bit:[/b] - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:[b]64bit:[/b] - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:[b]64bit:[/b] - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2015/10/20 10:50:47 | 000,217,280 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2015/10/20 10:49:53 | 000,073,256 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/01/20 23:24:44 | 000,004,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\hostnt.sys -- (HOSTNT)
DRV - [2012/06/21 22:17:41 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2012/03/15 17:00:28 | 000,015,016 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\SFR\Pack_Securite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2010/10/16 16:27:00 | 000,187,600 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys -- (R-ImageDisk)
DRV - [2010/06/01 06:18:56 | 000,132,432 | ---- | M] (R-TT Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys -- (DrvSnSht)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/11/09 08:44:36 | 000,024,064 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/01/01 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://firstsputnik.ru/?ri=1&uid=e4f7383980ae13690f18b8c154555288&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://firstsputnik.ru/?ri=1&uid=e4f7383980ae13690f18b8c154555288&q=
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\.DEFAULT\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-18\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-19\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-20\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..\SearchScopes\{A4A667BC-0CDA-43DE-8347-3C7F9C02C496}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..\SearchScopes\{ED81B414-7118-4D2A-BD11-AC168FD50F25}: "URL" = http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unisys.com/npornap: C:\Program Files (x86)\Orange\CAP Nap Plugin ActiveX [2013/12/16 00:03:54 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll (Vitzo)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012/05/26 22:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\SFR\Pack_Securite\apps\OnlineSafety\BPP\litmus-ff@f-secure.com\ [2012/06/21 22:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2014/06/24 11:22:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2014/06/24 11:22:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/09/19 12:29:19 | 000,000,000 | ---D | M]

[2014/07/07 17:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nasser\AppData\Roaming\mozilla\Extensions
[2013/04/10 22:22:13 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\nasser\AppData\Roaming\mozilla\Extensions\pluswinks@PlusWinks
[2013/01/15 22:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nasser\AppData\Roaming\mozilla\Firefox\extensions
[2013/01/15 22:58:32 | 000,000,000 | ---D | M] (uTorrentBar_FR) -- C:\Users\nasser\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2013/02/20 19:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.40_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.0_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.2.0.190_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\

O1 HOSTS File: ([2015/10/25 15:06:15 | 000,000,321 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\SFR\Pack_Securite\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - !{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\SFR\Pack_Securite\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [OPTENET_GUI] C:\Program Files (x86)\SFR\Controle Parental\bin\OPTGui.exe (SFR)
O4 - HKLM..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe ()
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000..\Run: [BingSvc] C:\Users\nasser\AppData\Local\Microsoft\BingSvc\BingSvc.exe (© 2015 Microsoft Corporation)
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000..\Run: [BitTorrent] C:\Users\nasser\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000..\Run: [C] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [osk.exe] C:\Windows\SysWow64\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-77396035-3474891182-2364265716-1003..\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:[b]64bit:[/b] - Extra context menu item: Download Video on This Page - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211 File not found
O8:[b]64bit:[/b] - Extra context menu item: Download Video This Links To - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212 File not found
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211 File not found
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212 File not found
O9:[b]64bit:[/b] - Extra Button: TSearch - {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} - Reg Error: Key error. File not found
O9 - Extra Button: TSearch - {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} - Reg Error: Key error. File not found
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211 File not found
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211 File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: OrangeCP ([*] in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: OrangeCP ([*] in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Ranges: OrangeCP ([*] in )
O15 - HKU\S-1-5-20\..Trusted Ranges: OrangeCP ([*] in )
O15 - HKU\S-1-5-21-77396035-3474891182-2364265716-1000\..Trusted Ranges: OrangeCP ([*] in Trusted sites)
O15 - HKU\S-1-5-21-77396035-3474891182-2364265716-1003\..Trusted Ranges: OrangeCP ([*] in )
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{095E8A93-52F7-43C0-ADA0-B4A10EE8ECAC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C26D48-9286-4CDA-9019-F4276017DCAB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F7035B2-3B9B-4B57-ADED-E9DFA6F21C98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CAE027-21EE-4688-BF86-FA8E1D6C329E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58619ED2-5588-413D-87E2-A5FD27C1E87F}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B40F66A6-B965-4FF8-AAFC-D15DAA493985}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E511AAB8-0A0C-4A91-9DFE-85DF12929FA5}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\vw-wi - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/28 22:44:38 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2015/02/19 23:07:36 | 000,000,000 | ---D | M] - C:\AUTOFORMATION -- [ NTFS ]
O32 - AutoRun File - [2015/02/19 23:11:51 | 000,000,155 | ---- | M] () - C:\Autoformation CLIP.TXT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/10/25 21:45:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\OTL.exe
[2015/10/25 14:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2015/10/22 23:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2015/10/22 23:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPFix
[2015/10/22 22:29:56 | 000,000,000 | ---D | C] -- C:\FRST
[2015/10/22 21:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/10/22 12:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiProg
[2015/10/22 12:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiProg
[2015/10/21 23:18:17 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Pinouts Alim compt
[2015/10/18 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Auto Soft pack
[2015/10/16 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Licznik 4.8 no dongle
[2015/10/15 16:42:35 | 003,937,280 | ---- | C] (Autocom Diagnostic Partner AB) -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Main.exe
[2015/10/15 16:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Delphi Diagnostics
[2015/10/15 16:41:36 | 000,000,000 | ---D | C] -- C:\Users\nasser\Bureau
[2015/10/15 16:36:41 | 000,000,000 | ---D | C] -- C:\2014.1.X
[2015/10/14 19:05:33 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\dump c4 jhonner
[2015/10/14 11:28:14 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Citroen C4
[2015/10/14 00:23:14 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\UPA Scr
[2015/10/13 21:50:07 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Nouveau dossier (4)
[2015/10/12 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\dump c4 bsi dash fait par electrodata 165545 km
[2015/10/11 11:02:10 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\volkswagen
[2015/10/09 22:13:55 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\edc15c3
[2015/10/07 22:18:45 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Nyo4_2012
[2015/10/06 23:03:54 | 024,473,600 | ---- | C] (Luis Andre - pushfd@bol.com.br) -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\DashboardServiceTool.exe
[2015/09/30 22:08:27 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\galletto instal
[2015/09/30 19:30:45 | 000,109,512 | ---- | C] (Optenet) -- C:\Windows\SysNative\drivers\OptMon64.sys
[2015/09/30 19:29:55 | 001,667,320 | ---- | C] (Optenet S.A.) -- C:\Windows\OptRemove.exe
[2015/09/30 19:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contrôle Parental SFR
[2015/09/28 22:58:58 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\upa usb
[2015/09/28 22:36:36 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\renault ecu tool connection
[2015/09/27 21:45:42 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Ultra-Pack Fichier Titanium
[2015/09/27 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\VOLTA 1.2 Full
[2015/09/26 12:49:19 | 000,000,000 | ---D | C] -- C:\Users\nasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinOLS 1.500
[2015/09/26 12:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinOLS 1.500
[2015/09/26 12:03:24 | 000,000,000 | ---D | C] -- C:\Users\nasser\Desktop
[2015/09/26 12:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinOLS 1.500
[2015/09/26 12:01:42 | 000,000,000 | ---D | C] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\winols 1.5 (full)
[2015/09/25 23:59:13 | 000,000,000 | ---D | C] -- C:\Users\nasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiniPro Programmer
[5 C:\Users\nasser\*.tmp files -> C:\Users\nasser\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/10/25 21:47:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/10/25 21:45:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\OTL.exe
[2015/10/25 21:37:27 | 000,000,836 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\ZHPDiag.lnk
[2015/10/25 21:36:41 | 001,959,936 | ---- | M] () -- C:\Users\nasser\ZHPDiag3.exe
[2015/10/25 21:35:23 | 001,901,056 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\ZHPDiag3 (2).exe
[2015/10/25 21:18:54 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/10/25 21:18:54 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/10/25 21:12:46 | 001,695,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/10/25 21:12:46 | 000,757,866 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2015/10/25 21:12:46 | 000,663,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/10/25 21:12:46 | 000,154,714 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2015/10/25 21:12:46 | 000,126,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/10/25 21:11:06 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/10/25 21:03:32 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/10/25 21:03:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/10/25 21:03:16 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2015/10/25 15:06:15 | 000,000,321 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/10/25 14:46:14 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2015/10/25 13:51:26 | 000,035,064 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2015/10/25 13:07:02 | 000,000,630 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2015/10/25 11:59:44 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/10/23 23:46:09 | 000,000,732 | ---- | M] () -- C:\Program Files\config.dat
[2015/10/23 19:39:16 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2015/10/23 19:39:16 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2015/10/23 19:39:15 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\OBD2 DTC Lookup.lnk
[2015/10/23 19:39:15 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\OtoCheck V2.lnk
[2015/10/23 19:39:15 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/10/23 19:39:15 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2015/10/23 19:39:15 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/10/23 19:39:15 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2015/10/23 19:39:15 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Jouer à PKR.lnk
[2015/10/23 19:39:14 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\ImageShack Uploader.lnk
[2015/10/23 19:39:14 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Immo Bypass.lnk
[2015/10/23 19:39:14 | 000,000,587 | ---- | M] () -- C:\Users\Public\Desktop\Galletto Win7.lnk
[2015/10/23 19:39:14 | 000,000,575 | ---- | M] () -- C:\Users\Public\Desktop\Galletto.lnk
[2015/10/23 19:39:13 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2015/10/23 19:39:12 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2015/10/23 19:39:12 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\CarProKey.lnk
[2015/10/23 19:39:12 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\CarSoftware.exe.lnk
[2015/10/23 19:39:12 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\FileViewPro.lnk
[2015/10/23 19:39:12 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/10/23 19:39:11 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/10/23 19:39:11 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\Boutique Accessoires eMachines.lnk
[2015/10/23 17:48:12 | 000,000,664 | RHS- | M] () -- C:\Users\nasser\ntuser.pol
[2015/10/23 17:48:12 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/10/22 20:07:01 | 000,000,621 | ---- | M] () -- C:\Users\nasser\Dernière session nasser.prj
[2015/10/21 12:16:35 | 000,029,248 | ---- | M] () -- C:\Users\nasser\AppData\Local\recently-used.xbel
[2015/10/21 12:03:59 | 000,000,256 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\dump psa expert orig.bin
[2015/10/19 21:11:47 | 027,872,098 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\3515095-Software_UPA_1_2.zip
[2015/10/16 18:56:29 | 000,003,120 | ---- | M] () -- C:\Windows\SysWow64\N7FVEWGQ.ocx
[2015/10/16 18:56:29 | 000,003,120 | ---- | M] () -- C:\Windows\24IFCGKI.ocx
[2015/10/15 16:50:57 | 000,007,123 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\FileActivation.xml
[2015/10/15 16:49:47 | 000,000,431 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2015/10/14 00:20:11 | 057,833,260 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\UPA Scr.rar
[2015/10/11 12:51:04 | 000,000,128 | ---- | M] () -- C:\dump c4 dash 93c46 ori.bin
[2015/10/11 12:51:04 | 000,000,128 | ---- | M] () -- C:\dump c4 dash 93c46 ori.bak
[2015/10/06 20:24:29 | 000,001,750 | ---- | M] () -- C:\Windows\ST6UNST.002
[2015/10/05 08:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/10/05 08:50:10 | 000,109,272 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/10/05 08:50:06 | 000,025,816 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/10/01 16:04:32 | 000,000,937 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\MiniPro Programmer.lnk
[2015/09/26 12:49:21 | 000,001,914 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\WinOLS 1.500.lnk
[2015/09/26 00:03:17 | 000,000,004 | ---- | M] () -- C:\Program Files\language.dat
[2015/09/25 23:30:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MiniProWdf_01009.Wdf
[5 C:\Users\nasser\*.tmp files -> C:\Users\nasser\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/10/25 21:36:41 | 001,959,936 | ---- | C] () -- C:\Users\nasser\ZHPDiag3.exe
[2015/10/25 21:35:08 | 001,901,056 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\ZHPDiag3 (2).exe
[2015/10/25 14:46:14 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2015/10/25 13:38:03 | 000,000,836 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\ZHPDiag.lnk
[2015/10/23 18:25:58 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/10/22 23:23:02 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2015/10/22 23:23:02 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL
[2015/10/22 21:56:19 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/10/21 12:16:35 | 000,029,248 | ---- | C] () -- C:\Users\nasser\AppData\Local\recently-used.xbel
[2015/10/21 12:03:53 | 000,000,256 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\dump psa expert orig.bin
[2015/10/19 20:55:31 | 027,872,098 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\3515095-Software_UPA_1_2.zip
[2015/10/18 22:12:08 | 000,001,024 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\24c08 33972km.bin
[2015/10/18 22:09:12 | 000,001,024 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\8E0920931D_0040.bin
[2015/10/16 18:56:29 | 000,003,120 | ---- | C] () -- C:\Windows\SysWow64\N7FVEWGQ.ocx
[2015/10/16 18:56:29 | 000,003,120 | ---- | C] () -- C:\Windows\24IFCGKI.ocx
[2015/10/15 16:50:20 | 000,007,123 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\FileActivation.xml
[2015/10/15 16:34:04 | 1375,445,867 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Setup 2014.1.X V3 .exe
[2015/10/15 16:30:49 | 1370,583,406 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Setup 2014 v3 .rar
[2015/10/14 00:08:25 | 057,833,260 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\UPA Scr.rar
[2015/10/11 12:48:11 | 000,000,128 | ---- | C] () -- C:\dump c4 dash 93c46 ori.bin
[2015/10/11 12:48:11 | 000,000,128 | ---- | C] () -- C:\dump c4 dash 93c46 ori.bak
[2015/10/09 18:55:35 | 000,383,160 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Emulator manual Renault.pdf
[2015/10/06 20:24:20 | 000,001,750 | ---- | C] () -- C:\Windows\ST6UNST.002
[2015/09/30 19:29:55 | 000,230,912 | ---- | C] () -- C:\Windows\OptChecker.exe
[2015/09/30 19:29:55 | 000,003,224 | ---- | C] () -- C:\Windows\sporder.zip
[2015/09/26 12:49:21 | 000,001,914 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\WinOLS 1.500.lnk
[2015/09/26 00:00:54 | 000,000,937 | ---- | C] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\MiniPro Programmer.lnk
[2015/09/26 00:00:53 | 001,011,712 | ---- | C] () -- C:\Program Files\MiniPro.exe
[2015/09/25 23:59:11 | 002,672,960 | ---- | C] () -- C:\Program Files\MiniProHelp.chm
[2015/09/25 23:59:11 | 000,221,184 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2015/09/25 23:30:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MiniProWdf_01009.Wdf
[2015/09/05 21:58:02 | 000,000,102 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[2015/08/30 21:23:33 | 000,001,098 | ---- | C] () -- C:\Users\nasser\Vidéos - Raccourci.lnk
[2015/08/12 21:20:48 | 000,004,991 | ---- | C] () -- C:\ProgramData\xhbjddli.elu
[2015/08/12 21:20:48 | 000,000,000 | ---- | C] () -- C:\ProgramData\211148173
[2015/06/19 23:14:12 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2015/02/11 01:26:20 | 000,000,069 | ---- | C] () -- C:\Program Files (x86)\dialogysclip.bat
[2015/02/11 01:24:56 | 000,176,055 | ---- | C] () -- C:\Program Files (x86)\UninstScript.EXE
[2015/02/11 01:24:56 | 000,001,849 | ---- | C] () -- C:\Program Files (x86)\DialogysUninstWPS.bat
[2014/12/26 22:57:09 | 000,524,288 | ---- | C] () -- C:\Users\nasser\eeprom original demonter tacho pro 29f040b.BIN
[2014/12/22 23:58:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2014/12/21 21:59:50 | 000,001,024 | ---- | C] () -- C:\Users\nasser\dump 24c08 polo ori.BIN
[2014/11/27 21:05:23 | 000,000,256 | ---- | C] () -- C:\Users\nasser\compteur clio phase 2 93c56 johnson orig.BIN
[2014/11/27 21:02:14 | 000,000,256 | ---- | C] () -- C:\Users\nasser\dump clio phase 2 93c56 jhonson.BIN
[2014/11/26 22:21:36 | 000,002,048 | ---- | C] () -- C:\Users\nasser\dump compteur polo 93c86 originalllllllll.BIN
[2014/11/26 22:17:19 | 000,002,048 | ---- | C] () -- C:\Users\nasser\dump compteur polo 93c86 originalllllll.BIN
[2014/11/16 23:10:55 | 000,004,159 | ---- | C] () -- C:\ProgramData\cjrvpdhv.bxn
[2014/11/06 00:30:36 | 000,000,696 | ---- | C] () -- C:\Users\nasser\PCWB94.xml
[2014/11/05 23:27:58 | 000,000,696 | ---- | C] () -- C:\Users\nasser\PCWE09E.xml
[2014/11/05 23:16:43 | 000,191,516 | ---- | C] () -- C:\Users\nasser\ArmUI.ini
[2014/10/23 19:57:47 | 000,000,621 | ---- | C] () -- C:\Users\nasser\Dernière session nasser.prj
[2014/09/18 14:52:18 | 000,000,004 | ---- | C] () -- C:\Program Files\language.dat
[2014/09/18 14:52:17 | 000,015,012 | ---- | C] () -- C:\Program Files\Serial25Index.dat
[2014/09/18 14:52:16 | 003,903,488 | ---- | C] () -- C:\Program Files\InfoIC.dll
[2014/09/18 14:52:16 | 000,000,732 | ---- | C] () -- C:\Program Files\config.dat
[2014/09/18 14:52:15 | 000,312,348 | ---- | C] () -- C:\Program Files\update.dat
[2014/09/18 14:52:15 | 000,143,360 | ---- | C] () -- C:\Program Files\UsbDrvInstall.exe
[2014/07/13 03:23:12 | 000,000,110 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\Movies2iPhone.ini
[2014/07/07 13:29:57 | 000,005,034 | ---- | C] () -- C:\ProgramData\nezmlilu.yia
[2014/07/07 13:28:38 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/20 23:24:44 | 000,004,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\hostnt.sys
[2013/12/24 12:38:53 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\hardlock.sys
[2013/12/23 18:28:40 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2013/12/23 18:22:49 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2013/12/16 23:48:11 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\StdIo.dll
[2013/11/07 00:21:01 | 000,000,089 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\WB.CFG
[2013/10/28 18:28:22 | 000,102,164 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/02/20 19:29:53 | 000,000,664 | RHS- | C] () -- C:\Users\nasser\ntuser.pol
[2013/01/16 20:50:58 | 000,000,431 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/26 22:32:14 | 000,456,664 | ---- | C] ( ) -- C:\Program Files (x86)\Common Files\AutoCompleteInstaller-VD.exe
[2012/02/21 15:37:23 | 000,000,008 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\DofusAppId0_4
[2012/01/06 22:47:03 | 000,000,017 | ---- | C] () -- C:\Users\nasser\AppData\Local\resmon.resmoncfg
[2011/08/04 16:24:06 | 000,000,008 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\DofusAppId0_3
[2011/08/04 16:14:51 | 000,000,008 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\DofusAppId0_1
[2011/08/04 13:06:53 | 000,000,113 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\D2Info0
[2011/08/04 13:06:53 | 000,000,008 | ---- | C] () -- C:\Users\nasser\AppData\Roaming\DofusAppId0_2
[2011/03/16 19:22:55 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2008/03/06 08:18:04 | 000,000,124 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\MANUEL REPARATION\Recherche de panne sur les feux de route d'un véhicule\SCO_0001\_COURSE\U.SWF
[2013/12/25 01:36:36 | 000,000,000 | ---D | M] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\partage\ETKA v7.3 - VW & AUDI (01.2011)\DATA\AU\U
[2013/12/31 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\partage\ETKA v7.3 - VW & AUDI (01.2011)\DATA\AU\html\L
[2013/12/31 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\partage\ETKA v7.3 - VW & AUDI (01.2011)\DATA\AU\html\N
[2013/12/31 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\partage\ETKA v7.3 - VW & AUDI (01.2011)\DATA\AU\html\U
[2013/12/25 01:38:40 | 000,000,000 | ---D | M] -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\partage\ETKA v7.3 - VW & AUDI (01.2011)\DATA\VW\U
[2008/03/06 08:18:04 | 000,000,124 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Recherche de panne sur les feux de route d'un véhicule\SCO_0001\_COURSE\U.SWF
[2002/06/26 17:14:52 | 000,131,072 | ---- | M] () -- C:\Users\nasser\{62a075bb-518e-420b-b366-db64d420f8bb}\Desktop\Ultra-Pack Fichier Titanium\Opel\zafira\L.txt
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2015/04/12 00:20:20 | 000,000,000 | ---D | M] -- C:\Users\ines\AppData\Roaming\AVAST Software
[2012/12/30 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\ines\AppData\Roaming\TeamViewer
[2015/04/27 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\ines\AppData\Roaming\Tomato
[2013/04/10 22:19:52 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Apowersoft
[2013/06/08 12:17:56 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Hoyle Casino
[2013/06/11 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Hoyle FaceCreator
[2012/06/30 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\OEM
[2013/05/15 11:50:47 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\OpenOffice.org
[2013/02/24 15:09:20 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\PMU
[2013/04/10 22:19:55 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\SoftGrid Client
[2013/08/08 12:50:09 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Tomato
[2013/10/04 11:33:32 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\uTorrent
[2013/04/10 22:23:25 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\WildTangent
[2012/07/26 15:05:21 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Aeria Games & Entertainment
[2013/02/06 16:18:31 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\AnkamaCertificates
[2011/06/02 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Apowersoft
[2015/03/06 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\AVAST Software
[2015/10/25 21:04:31 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\BitTorrent
[2015/06/15 22:34:56 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\BitTorrent Sync
[2015/03/01 15:06:49 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Carsoftware
[2014/09/30 16:31:21 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\CVitae
[2015/10/22 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\DAEMON Tools Lite
[2015/10/22 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\DAEMON Tools Pro
[2015/10/15 16:49:07 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Delphi
[2014/04/21 16:16:35 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus
[2012/06/06 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus 2
[2014/04/21 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus-2
[2011/08/04 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2014/04/23 12:03:31 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus-3
[2011/08/04 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012/02/21 15:37:23 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus-4.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2011/08/04 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2014/06/23 20:00:18 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dofus2
[2013/06/21 12:39:14 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\DofusTesting
[2013/02/06 16:17:55 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\DofusTesting-2
[2013/06/21 16:00:18 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\DofusTesting-3
[2014/07/09 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Dropbox
[2013/05/02 19:46:14 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\eTeks
[2012/10/04 23:00:00 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\F-Secure
[2012/03/03 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\FloodLightGames
[2014/07/13 03:21:08 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\FlvtoConverter
[2014/01/07 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Foxit Software
[2011/06/07 22:45:55 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\FreeAudioPack
[2013/07/25 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\FreeCDRipper
[2014/09/20 10:05:59 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\FreeVideoConverter
[2011/05/27 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\funkitron
[2014/11/22 20:34:48 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\GSplit
[2011/05/28 21:39:08 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Hoyle Casino
[2011/05/28 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Hoyle FaceCreator
[2014/11/26 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\IrfanView
[2013/12/17 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\IsolatedStorage
[2013/08/31 16:08:15 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\KastorAllVideoDownloader
[2012/11/25 19:14:35 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\LolClient
[2014/07/06 21:42:16 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Mael
[2011/02/26 18:23:04 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\OEM
[2013/02/20 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\OpenOffice.org
[2015/09/05 22:00:57 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Opera Software
[2015/10/22 22:00:48 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\PhotoScape
[2012/03/02 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\PlayFirst
[2012/09/15 16:49:04 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\PMU
[2014/04/21 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Reg
[2011/08/04 13:06:55 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2013/07/10 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Samsung
[2014/06/22 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\SoftGrid Client
[2014/10/26 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\SteelBytes
[2015/04/13 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\SumatraPDF
[2015/10/22 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\TeamViewer
[2013/10/27 12:01:54 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Tomato
[2011/05/05 09:12:50 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\TP
[2015/01/19 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\UltraProg.co.uk
[2015/06/15 22:41:29 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\uTorrent
[2012/12/26 11:10:44 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\VDownloader
[2012/06/11 09:43:12 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\WildTangent
[2011/04/20 21:25:33 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\Windows Live Writer
[2014/07/12 16:40:26 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\WindSolutions
[2015/10/15 16:52:53 | 000,000,000 | -HSD | M] -- C:\Users\nasser\AppData\Roaming\wyUpdate AU
[2015/10/25 21:37:23 | 000,000,000 | ---D | M] -- C:\Users\nasser\AppData\Roaming\ZHP

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 401 bytes -> C:\ProgramData\TEMP:E8956AB5
@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:EFB09287
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:BF040455
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:24105FF3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:7CB86D39

< End of report >
