cjoint


Comment: I am overrun by a strange Asian virus starting with QQPC mgr and I want to get rid of it! I have lots of windows opening and things in Chinese appearing all over the place... THANKS IN ADVANCE!!!

Document format: text/plain

Preview

OTL logfile created on: 30/12/2015 19:12:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ghyzou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18124)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 37,37% Memory free
7,77 Gb Paging File | 4,15 Gb Available in Paging File | 53,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 140,25 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive D: | 393,86 Gb Total Space | 393,25 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: GHYZOU-PC | User Name: Ghyzou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015/12/30 19:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ghyzou\Downloads\OTL.exe
PRC - [2015/12/30 18:17:13 | 001,186,144 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\QQPCNetFlow.exe
PRC - [2015/12/30 18:17:13 | 001,097,272 | ---- | M] (Tencent) -- C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
PRC - [2015/12/30 18:17:13 | 000,612,832 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRealTimeSpeedup.exe
PRC - [2015/12/30 18:17:13 | 000,355,296 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTray.exe
PRC - [2015/12/30 18:17:13 | 000,301,728 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe
PRC - [2015/12/30 18:17:12 | 000,280,928 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMChExt.exe
PRC - [2015/12/30 18:08:15 | 000,764,344 | ---- | M] () -- C:\Program Files (x86)\TrainTickets_201512301808\201512301808\TrainTickets.exe
PRC - [2015/12/30 18:08:15 | 000,206,776 | ---- | M] ( ) -- C:\Program Files (x86)\TrainTickets_201512301808\201512301808\lcstat.exe
PRC - [2015/12/30 18:08:15 | 000,199,608 | ---- | M] () -- C:\Program Files (x86)\TrainTickets_201512301808\201512301808\tslog.exe
PRC - [2015/12/30 18:02:42 | 000,881,664 | ---- | M] () -- C:\Users\Ghyzou\AppData\Local\Temp\setup_info.exe
PRC - [2015/12/29 21:29:02 | 000,228,072 | ---- | M] (TData.com) -- C:\Program Files (x86)\TDataDld\TData.exe
PRC - [2015/12/10 22:54:14 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/12/09 06:30:28 | 000,383,456 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCPatch.exe
PRC - [2015/12/08 16:36:58 | 024,952,456 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2015/12/06 15:31:03 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\Ghyzou\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
PRC - [2015/12/06 13:43:42 | 002,026,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\Ghyzou\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2015/12/03 02:40:44 | 000,131,840 | ---- | M] (Shanghai Damo Network Sci. & Tech. Co. Ltd.) -- C:\Program Files (x86)\ADSafe\ADSafeSvc.exe
PRC - [2015/12/03 02:40:43 | 004,861,184 | ---- | M] (Shanghai Damo Network Sci. & Tech. Co. Ltd.) -- C:\Program Files (x86)\ADSafe\ADSafe.exe
PRC - [2015/12/02 10:37:58 | 000,394,280 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2015/11/07 19:09:29 | 000,554,288 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\cacaoweb\cacaoweb.exe
PRC - [2015/10/28 12:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/10/12 02:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/10/12 02:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/07/02 11:42:55 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/07/02 11:25:04 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/06/15 06:09:28 | 000,134,512 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ghyzou\AppData\Local\Dropbox\Update\DropboxUpdate.exe
PRC - [2013/11/03 16:27:47 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Ghyzou\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/07 18:48:54 | 000,090,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/05/07 18:48:50 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/05/03 17:13:10 | 000,309,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/04/28 11:43:00 | 002,321,584 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012/04/11 17:48:58 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2012/04/06 16:16:32 | 000,322,176 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/03/26 12:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/28 20:19:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/02/28 20:19:02 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/02/21 14:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/21 14:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/16 18:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2012/02/15 19:38:10 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/11/21 16:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/10/24 19:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/11/20 07:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/08/20 11:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2015/12/30 18:17:18 | 000,481,632 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\sqlite.dll
MOD - [2015/12/30 18:17:18 | 000,194,912 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\xImage.dll
MOD - [2015/12/30 18:17:18 | 000,100,704 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\tinyxml.dll
MOD - [2015/12/30 18:17:18 | 000,100,704 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\tinyxml.dll
MOD - [2015/12/30 18:17:18 | 000,092,184 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\xGraphic32.dll
MOD - [2015/12/30 18:17:18 | 000,092,184 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\xGraphic32.dll
MOD - [2015/12/30 18:17:18 | 000,088,416 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\zlib.dll
MOD - [2015/12/30 18:17:18 | 000,088,416 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\zlib.dll
MOD - [2015/12/30 18:17:17 | 000,235,872 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMWlanMacDll.dll
MOD - [2015/12/30 18:17:15 | 000,170,336 | ---- | M] () -- c:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMHIPSLogPolicy.dll
MOD - [2015/12/30 18:17:15 | 000,125,280 | ---- | M] () -- c:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMRtpController.dll
MOD - [2015/12/30 18:17:13 | 000,342,040 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\arkGraphic.dll
MOD - [2015/12/30 18:17:13 | 000,342,040 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\arkGraphic.dll
MOD - [2015/12/30 18:17:13 | 000,285,024 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\libjpegturbo.dll
MOD - [2015/12/30 18:17:13 | 000,285,024 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\libjpegturbo.dll
MOD - [2015/12/30 18:17:13 | 000,158,048 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\libpng.dll
MOD - [2015/12/30 18:17:13 | 000,158,048 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\libpng.dll
MOD - [2015/12/30 18:17:13 | 000,137,568 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\libexpatw.dll
MOD - [2015/12/30 18:17:13 | 000,137,568 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\libexpatw.dll
MOD - [2015/12/30 18:17:13 | 000,076,128 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\MemDefrag.dll
MOD - [2015/12/30 18:17:13 | 000,045,920 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\jgImage.dll
MOD - [2015/12/30 18:17:13 | 000,045,920 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\jgImage.dll
MOD - [2015/12/30 18:17:13 | 000,014,176 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\plugins\QMNetMon\jgIOStub.dll
MOD - [2015/12/30 18:17:13 | 000,014,176 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\jgIOStub.dll
MOD - [2015/12/30 18:08:16 | 000,411,064 | ---- | M] () -- C:\Program Files (x86)\TrainTickets_201512301808\201512301808\DuiLib_u.dll
MOD - [2015/12/30 18:08:15 | 000,764,344 | ---- | M] () -- C:\Program Files (x86)\TrainTickets_201512301808\201512301808\TrainTickets.exe
MOD - [2015/12/30 18:08:15 | 000,199,608 | ---- | M] () -- C:\Program Files (x86)\TrainTickets_201512301808\201512301808\tslog.exe
MOD - [2015/12/30 18:02:42 | 000,881,664 | ---- | M] () -- C:\Users\Ghyzou\AppData\Local\Temp\setup_info.exe
MOD - [2015/12/10 22:54:11 | 001,583,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
MOD - [2015/12/10 22:54:09 | 000,081,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
MOD - [2015/12/08 16:36:50 | 000,024,904 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
MOD - [2015/12/08 16:36:50 | 000,021,840 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
MOD - [2015/12/08 16:36:50 | 000,021,320 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
MOD - [2015/12/08 16:36:48 | 000,023,376 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2015/12/08 16:36:48 | 000,020,800 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
MOD - [2015/12/08 16:36:46 | 000,381,752 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
MOD - [2015/12/08 16:36:46 | 000,019,760 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
MOD - [2015/12/08 16:36:42 | 003,891,504 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
MOD - [2015/12/08 16:36:40 | 000,225,080 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
MOD - [2015/12/08 16:36:40 | 000,133,936 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
MOD - [2015/12/08 16:36:38 | 000,486,704 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
MOD - [2015/12/08 16:36:38 | 000,357,680 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
MOD - [2015/12/08 16:36:36 | 001,950,000 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
MOD - [2015/12/08 16:36:36 | 000,519,984 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
MOD - [2015/12/08 16:36:36 | 000,207,672 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
MOD - [2015/12/08 16:36:34 | 001,826,608 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
MOD - [2015/12/08 16:36:32 | 000,052,024 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
MOD - [2015/12/08 16:36:32 | 000,024,392 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
MOD - [2015/12/08 16:36:30 | 000,038,696 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\fastpath.pyd
MOD - [2015/12/08 16:36:28 | 001,737,032 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
MOD - [2015/12/08 16:36:28 | 000,084,792 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
MOD - [2015/12/08 16:36:28 | 000,020,808 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
MOD - [2015/12/08 16:36:26 | 000,023,352 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
MOD - [2015/12/08 16:36:26 | 000,020,816 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2015/12/08 16:36:24 | 000,022,848 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2015/12/08 16:36:24 | 000,021,304 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
MOD - [2015/12/08 16:36:22 | 000,117,056 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
MOD - [2015/12/08 16:36:22 | 000,042,296 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
MOD - [2015/12/08 16:36:22 | 000,020,280 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
MOD - [2015/11/07 19:09:29 | 000,554,288 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\cacaoweb\cacaoweb.exe
MOD - [2015/10/30 20:01:00 | 000,019,920 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
MOD - [2015/10/30 20:00:58 | 000,786,904 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015/10/30 20:00:58 | 000,063,448 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2015/10/30 20:00:58 | 000,019,408 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
MOD - [2015/10/30 20:00:26 | 000,036,296 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\librsync.dll
MOD - [2015/10/30 20:00:24 | 000,350,152 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\winxpgui.pyd
MOD - [2015/10/30 20:00:22 | 000,048,592 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32service.pyd
MOD - [2015/10/30 20:00:22 | 000,028,616 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32ts.pyd
MOD - [2015/10/30 20:00:20 | 000,114,640 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32security.pyd
MOD - [2015/10/30 20:00:20 | 000,043,472 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32process.pyd
MOD - [2015/10/30 20:00:20 | 000,024,016 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32profile.pyd
MOD - [2015/10/30 20:00:18 | 000,175,560 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32gui.pyd
MOD - [2015/10/30 20:00:18 | 000,030,160 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32pipe.pyd
MOD - [2015/10/30 20:00:16 | 000,124,880 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32file.pyd
MOD - [2015/10/30 20:00:16 | 000,024,528 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32event.pyd
MOD - [2015/10/30 20:00:14 | 000,105,928 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32api.pyd
MOD - [2015/10/30 20:00:14 | 000,024,016 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
MOD - [2015/10/30 20:00:14 | 000,020,936 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\mmapfile.pyd
MOD - [2015/10/30 20:00:10 | 000,109,520 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
MOD - [2015/10/30 20:00:08 | 000,240,584 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\jpegtran.pyd
MOD - [2015/10/30 20:00:08 | 000,083,912 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\sip.pyd
MOD - [2015/10/30 20:00:06 | 000,019,408 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\faulthandler.pyd
MOD - [2015/10/30 19:59:54 | 000,134,608 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_elementtree.pyd
MOD - [2015/10/30 19:59:54 | 000,034,768 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
MOD - [2015/10/30 19:59:52 | 000,692,688 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\unicodedata.pyd
MOD - [2015/10/30 19:59:52 | 000,093,640 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\_ctypes.pyd
MOD - [2015/10/30 19:59:50 | 000,134,088 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\pyexpat.pyd
MOD - [2015/10/30 19:59:50 | 000,018,376 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\select.pyd
MOD - [2015/10/30 19:59:48 | 000,392,144 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\pythoncom27.dll
MOD - [2015/10/30 19:59:48 | 000,116,688 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\pywintypes27.dll
MOD - [2015/09/14 12:57:46 | 000,019,296 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\oDayProtect.dll
MOD - [2015/09/02 11:08:00 | 000,368,184 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\DlForQd.dll
MOD - [2015/07/02 11:25:27 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/07/02 11:25:11 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015/04/13 09:00:22 | 002,631,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2015/04/13 08:57:12 | 000,861,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\axvlc.dll
MOD - [2015/04/13 08:57:12 | 000,143,296 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2015/03/04 12:25:59 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/01/28 07:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 07:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/07 18:48:48 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012/03/15 12:48:00 | 000,221,184 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2012/01/31 11:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
MOD - [2010/08/20 11:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 11:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2015/12/02 10:12:20 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe -- (McComponentHostService)
SRV:[b]64bit:[/b] - [2015/11/08 17:01:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2015/07/22 19:02:54 | 001,390,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015/07/02 11:25:04 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2014/03/04 00:50:13 | 000,113,704 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/02/03 00:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/12/30 18:17:44 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/12/30 18:17:13 | 000,301,728 | ---- | M] (Tencent) [Auto | Running] -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCRTP.exe -- (QQPCRTP)
SRV - [2015/12/30 18:17:13 | 000,293,856 | ---- | M] (Tencent) [On_Demand | Stopped] -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TAOFrame.exe -- (TAOFrame)
SRV - [2015/12/29 21:29:02 | 000,228,072 | ---- | M] (TData.com) [Auto | Running] -- C:\Program Files (x86)\TDataDld\TData.exe -- (TDataSvr)
SRV - [2015/12/03 02:40:44 | 000,131,840 | ---- | M] (Shanghai Damo Network Sci. & Tech. Co. Ltd.) [Auto | Running] -- C:\Program Files (x86)\ADSafe\ADSafeSvc.exe -- (ADSafeSvc)
SRV - [2015/12/02 10:38:46 | 000,157,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2015/10/28 12:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/12 02:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/10/12 02:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/04/11 16:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/05/22 02:47:42 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012/02/28 20:19:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/28 20:19:02 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/21 14:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/21 14:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2011/11/21 16:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2015/12/30 19:22:50 | 000,113,880 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2015/12/30 18:17:18 | 000,274,232 | ---- | M] (Tencent Technology(Shenzhen) Company Limited) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TAOKernel64.sys -- (TAOKernelDriver)
DRV:[b]64bit:[/b] - [2015/12/30 18:17:18 | 000,087,864 | ---- | M] (5u¡{¶[) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\TFsFltX64.sys -- (TFsFlt)
DRV:[b]64bit:[/b] - [2015/12/30 18:17:18 | 000,074,040 | ---- | M] (Tencent) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TAOAccelerator64.sys -- (TAOAccelerator)
DRV:[b]64bit:[/b] - [2015/12/30 18:17:18 | 000,038,200 | ---- | M] (5u¡{¶[) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TSSKX64.sys -- (TSSKX64)
DRV:[b]64bit:[/b] - [2015/12/03 02:41:01 | 000,232,192 | ---- | M] (Shanghai Damo Network Sci. & Tech. Co. Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DMProtectEx64.sys -- (DMProtectEx)
DRV:[b]64bit:[/b] - [2015/12/03 02:40:56 | 000,049,920 | ---- | M] (Billion) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DMRedirect.sys -- (DMRedirect)
DRV:[b]64bit:[/b] - [2015/07/02 11:42:58 | 000,442,264 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2015/07/02 11:25:49 | 000,272,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2015/07/02 11:25:49 | 000,137,288 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:[b]64bit:[/b] - [2015/07/02 11:25:48 | 000,093,528 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2015/07/02 11:25:48 | 000,089,944 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2015/07/02 11:25:48 | 000,065,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2015/07/02 11:25:48 | 000,029,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:[b]64bit:[/b] - [2015/07/02 11:24:22 | 001,047,320 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012/12/13 07:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012/09/29 13:14:42 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2012/09/29 13:14:42 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:[b]64bit:[/b] - [2012/09/29 13:14:42 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2012/09/29 13:14:42 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2012/08/21 07:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/05/24 22:22:42 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2012/05/22 02:47:34 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/05/14 12:44:20 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2012/04/12 21:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2012/04/11 17:49:00 | 000,035,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:[b]64bit:[/b] - [2012/04/11 17:48:58 | 000,016,512 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:[b]64bit:[/b] - [2012/03/26 12:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012/03/26 12:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/03/26 12:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/29 21:01:08 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2012/02/23 19:56:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2012/02/23 19:56:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2012/02/01 04:06:18 | 000,292,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:[b]64bit:[/b] - [2011/11/10 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2011/08/23 08:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/05/13 18:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 06:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2015/12/30 18:17:18 | 000,138,040 | ---- | M] (电脑管家) [File_System | Auto | Running] -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQSysMonX64.sys -- (QQSysMonX64)
DRV - [2015/12/30 18:17:18 | 000,087,352 | ---- | M] (电脑管家) [Kernel | System | Running] -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSSysKit64.sys -- (TSSysKit)
DRV - [2015/12/30 18:17:18 | 000,028,472 | ---- | M] (Tencent) [Kernel | System | Running] -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TsDefenseBT64.sys -- (TSDefenseBt)
DRV - [2015/12/14 06:16:46 | 000,156,984 | ---- | M] (Tencent) [Kernel | System | Running] -- C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QMUdisk64.sys -- (QMUdisk)
DRV - [2015/12/02 10:39:20 | 000,037,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys -- (mfesapsn)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=94493384_hao_pg
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {B28A094A-390C-412F-9A64-26195EC9A57A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4AEC5346-5B93-4666-B043-0AEA77EBB538}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{B28A094A-390C-412F-9A64-26195EC9A57A}: "URL" = https://fr.search.yahoo.com/search?fr=mcafee&type=C010FR885D20120929&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPCMgr: C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\npQMExtensionsMozilla.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ghyzou\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR\SAFFPLG.XPI [2015/11/23 11:53:00 | 000,074,843 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015/11/23 11:53:00 | 000,074,843 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/09/29 13:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/12/16 17:39:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

[2013/03/28 14:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]


O1 HOSTS File: ([2015/12/20 20:31:10 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (电脑管家网页防火墙) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\TSWebMon64.dat (Tencent)
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ QQPCTray] C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16575.227\QQPCTRAY.EXE (Tencent)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MTview] C:\Program Files (x86)\MTV20151125\MTView.exe (STA)
O4 - HKLM..\Run: [setup_info] C:\Users\Ghyzou\AppData\Local\Temp\setup_info.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [cacaoweb] C:\Users\Ghyzou\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKCU..\Run: [Dropbox Update] C:\Users\Ghyzou\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ghyzou\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ghyzou\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [TrainTickets] C:\Program Files (x86)\TrainTickets_201512301808\201512301808\TrainTickets.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Users\Ghyzou\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ghyzou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d'écran et lancement.lnk = File not found
O4 - Startup: C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizerInstaller.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 191.100.0.4 200.55.224.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1A73AC-E470-43A4-9079-7DA9289B8F72}: DhcpNameServer = 13.4.0.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E86F1782-D080-420E-B5F0-0E5A56AD9375}: DhcpNameServer = 191.100.0.4 200.55.224.66
O18:[b]64bit:[/b] - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/08/31 10:23:46 | 000,000,000 | ---D | M] - D:\Autonomie jeux -- [ NTFS ]
O33 - MountPoints2\{8593397a-0f98-11e2-a154-3085a97b11d0}\Shell - "" = AutoRun
O33 - MountPoints2\{8593397a-0f98-11e2-a154-3085a97b11d0}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\OPM-CE2.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015/12/30 19:34:24 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Roaming\ZHP
[2015/12/30 18:59:12 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Local\{18E5FCA8-7B76-4F92-AE11-9156EF8FC06A}
[2015/12/30 18:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PCMGR
[2015/12/30 18:20:39 | 000,127,832 | ---- | C] (电脑管家) -- C:\Windows\SysWow64\drivers\TsFltMgr.sys
[2015/12/30 18:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TXQMPC
[2015/12/30 18:19:15 | 000,074,040 | ---- | C] (Tencent) -- C:\Windows\SysNative\drivers\TAOAccelerator64.sys
[2015/12/30 18:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2015/12/30 18:19:00 | 000,038,200 | ---- | C] (电脑管家) -- C:\Windows\SysNative\drivers\TSSKX64.sys
[2015/12/30 18:18:46 | 000,274,232 | ---- | C] (Tencent Technology(Shenzhen) Company Limited) -- C:\Windows\SysNative\drivers\TAOKernel64.sys
[2015/12/30 18:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2015/12/30 18:18:37 | 000,087,864 | ---- | C] (电脑管家) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2015/12/30 18:17:04 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Roaming\Tencent
[2015/12/30 18:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2015/12/30 18:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2015/12/30 18:10:32 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\.android
[2015/12/30 18:10:19 | 000,049,920 | ---- | C] (Billion) -- C:\Windows\SysNative\drivers\DMRedirect.sys
[2015/12/30 18:10:18 | 000,232,192 | ---- | C] (Shanghai Damo Network Sci. & Tech. Co. Ltd.) -- C:\Windows\SysNative\drivers\DMProtectEx64.sys
[2015/12/30 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADSafe
[2015/12/30 18:10:16 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Roaming\ADSafe3
[2015/12/30 18:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrainTickets_201512301808
[2015/12/30 18:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTV20151125
[2015/12/30 18:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图浏览
[2015/12/30 18:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TDataDld
[2015/12/30 18:02:55 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Roaming\mysites123
[2015/12/30 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\Desktop\Séries
[2015/12/29 18:44:13 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\Desktop\Remise en question et approfondissements
[2015/12/28 14:05:31 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Local\{DC8A8B0D-7F43-479E-9B8E-416D55E749B2}
[2015/12/27 12:35:53 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2015/12/24 11:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/12/24 11:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/12/20 20:55:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll
[2015/12/20 20:55:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll
[2015/12/20 20:55:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll
[2015/12/20 20:55:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL
[2015/12/20 20:55:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL
[2015/12/20 20:55:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL
[2015/12/20 20:55:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll
[2015/12/20 20:55:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL
[2015/12/20 20:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2015/12/16 20:53:18 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/12/16 20:53:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/12/16 20:53:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/12/16 20:53:17 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/12/16 20:53:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/12/16 20:53:16 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/12/16 20:53:15 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015/12/16 20:53:14 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/12/16 20:53:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/12/16 20:53:13 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/12/16 20:53:13 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/12/16 20:53:08 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/12/16 20:53:08 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015/12/16 20:53:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/12/16 20:53:07 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/12/16 20:53:06 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/12/16 20:53:06 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/12/16 20:53:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/12/16 20:53:05 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/12/16 20:53:03 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/12/16 20:53:03 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/12/16 20:53:03 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/12/16 20:53:00 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/12/16 20:53:00 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/12/16 20:52:58 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/12/16 20:52:57 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/12/16 20:52:56 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/12/16 20:52:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/12/16 20:52:54 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015/12/16 20:52:54 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/12/16 20:52:53 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/12/16 20:52:52 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/12/16 20:52:49 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/12/16 20:52:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/12/16 20:52:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/12/16 20:52:47 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/12/16 20:52:46 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/12/16 20:52:45 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/12/16 20:52:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015/12/16 20:52:41 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/12/16 20:52:41 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/12/16 20:51:10 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2015/12/16 20:51:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2015/12/16 20:50:50 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2015/12/16 20:50:46 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015/12/16 20:50:46 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015/12/16 20:50:46 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015/12/16 20:50:45 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015/12/16 20:50:45 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015/12/16 20:50:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015/12/16 20:50:45 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015/12/16 20:50:45 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015/12/16 20:50:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015/12/16 20:50:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015/12/16 20:50:45 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015/12/16 20:50:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015/12/16 20:50:45 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015/12/16 20:50:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015/12/16 20:50:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015/12/16 20:50:37 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015/12/16 20:50:34 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2015/12/16 20:50:11 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2015/12/16 20:50:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2015/12/16 20:50:11 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2015/12/16 20:50:08 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2015/12/16 20:50:07 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2015/12/16 20:50:07 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2015/12/16 20:50:07 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2015/12/16 17:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/12/16 17:38:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2015/12/13 22:43:24 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Local\{535CD227-D958-4F52-83A0-AA28CA1D9E82}
[2015/12/13 22:13:12 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2015/12/05 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\Ghyzou\AppData\Roaming\vlc
[2015/12/05 13:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2015/12/05 13:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\Ghyzou\AppData\Local\*.tmp files -> C:\Users\Ghyzou\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015/12/30 19:36:14 | 000,000,826 | ---- | M] () -- C:\Users\Ghyzou\Desktop\ZHPDiag.lnk
[2015/12/30 19:22:50 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/12/30 19:22:04 | 000,001,200 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1007420373-1420732276-107617843-1001UA.job
[2015/12/30 19:15:10 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/12/30 19:00:26 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/12/30 18:50:59 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/12/30 18:50:59 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/12/30 18:46:36 | 001,708,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/12/30 18:46:36 | 000,762,100 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2015/12/30 18:46:36 | 000,668,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/12/30 18:46:36 | 000,155,054 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2015/12/30 18:46:36 | 000,126,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/12/30 18:40:22 | 000,410,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/12/30 18:40:06 | 000,000,489 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\sp_data.sys
[2015/12/30 18:39:58 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/12/30 18:39:44 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2015/12/30 18:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/12/30 18:39:21 | 3129,909,248 | -HS- | M] () -- C:\hiberfil.sys
[2015/12/30 18:17:39 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/12/30 18:17:39 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/12/30 18:17:18 | 000,274,232 | ---- | M] (Tencent Technology(Shenzhen) Company Limited) -- C:\Windows\SysNative\drivers\TAOKernel64.sys
[2015/12/30 18:17:18 | 000,087,864 | ---- | M] (5u¡{¶[) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2015/12/30 18:17:18 | 000,074,040 | ---- | M] (Tencent) -- C:\Windows\SysNative\drivers\TAOAccelerator64.sys
[2015/12/30 18:17:18 | 000,038,200 | ---- | M] (5u¡{¶[) -- C:\Windows\SysNative\drivers\TSSKX64.sys
[2015/12/30 18:03:56 | 000,000,754 | ---- | M] () -- C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\ÃÀͼä¯ÀÀ.lnk
[2015/12/30 18:03:08 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/12/30 18:02:59 | 000,002,585 | ---- | M] () -- C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/12/29 23:56:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1007420373-1420732276-107617843-1001Core.job
[2015/12/29 22:47:28 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\FileHider.job
[2015/12/29 18:44:09 | 002,076,178 | ---- | M] () -- C:\Users\Ghyzou\Desktop\Devenir enseignant mémoire Meirieu.pdf
[2015/12/29 14:34:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2015/12/28 14:11:03 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1007420373-1420732276-107617843-1001Core.job
[2015/12/21 13:44:44 | 001,683,490 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/12/20 20:31:10 | 000,000,860 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/12/20 20:31:08 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2015/12/20 20:31:08 | 000,001,926 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/12/14 19:55:50 | 000,014,155 | ---- | M] () -- C:\Users\Ghyzou\Desktop\EQUIPE RENCONTRE SPORT.odt
[2015/12/13 22:14:02 | 000,001,143 | ---- | M] () -- C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/12/05 13:54:37 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2015/12/04 06:06:20 | 000,127,832 | ---- | M] (5u¡{¶[) -- C:\Windows\SysWow64\drivers\TsFltMgr.sys
[2015/12/03 02:41:01 | 000,232,192 | ---- | M] (Shanghai Damo Network Sci. & Tech. Co. Ltd.) -- C:\Windows\SysNative\drivers\DMProtectEx64.sys
[2015/12/03 02:40:56 | 000,049,920 | ---- | M] (Billion) -- C:\Windows\SysNative\drivers\DMRedirect.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\Ghyzou\AppData\Local\*.tmp files -> C:\Users\Ghyzou\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015/12/30 19:34:27 | 000,000,826 | ---- | C] () -- C:\Users\Ghyzou\Desktop\ZHPDiag.lnk
[2015/12/30 18:03:56 | 000,000,754 | ---- | C] () -- C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\ÃÀͼä¯ÀÀ.lnk
[2015/12/29 18:44:03 | 002,076,178 | ---- | C] () -- C:\Users\Ghyzou\Desktop\Devenir enseignant mémoire Meirieu.pdf
[2015/12/20 20:31:08 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2015/12/20 20:30:54 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2015/12/14 19:55:45 | 000,014,155 | ---- | C] () -- C:\Users\Ghyzou\Desktop\EQUIPE RENCONTRE SPORT.odt
[2015/12/05 13:54:37 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2015/10/13 18:52:16 | 000,000,013 | ---- | C] () -- C:\Users\Ghyzou\.pluto.tv
[2015/10/01 17:47:41 | 000,005,632 | ---- | C] () -- C:\Users\Ghyzou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/22 15:33:29 | 000,000,021 | ---- | C] () -- C:\Users\Ghyzou\AppData\Roaming\my_intel.sys
[2012/09/29 13:06:00 | 000,000,489 | ---- | C] () -- C:\Users\Ghyzou\AppData\Roaming\sp_data.sys
[2012/02/23 21:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 13:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 12:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2015/12/30 18:18:36 | 000,000,000 | ---D | C](C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\~¯‹oöN
[2015/12/30 18:10:20 | 000,001,849 | ---- | M] ()(C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\ÀQQ'Y^.lnk
[2015/12/30 18:10:20 | 000,001,849 | ---- | C] ()(C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\Ghyzou\Application Data\Microsoft\Internet Explorer\Quick Launch\ÀQQ'Y^.lnk
[2015/12/30 18:10:19 | 000,000,000 | ---D | C](C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Ghyzou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÀQQ'Y^

< End of report >
