Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version: 10-10-2016 Exécuté par Leo (administrateur) sur LE (12-10-2016 13:06:42) Exécuté depuis C:\Users\Leo\Desktop Profils chargés: Leo (Profils disponibles: Leo) Platform: Windows 8.1 (Update) (X64) Langue: Français (France) Internet Explorer Version 11 (Navigateur par défaut: Opera) Mode d'amorçage: Normal Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processus (Avec liste blanche) ================= (Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe () C:\Windows\jmesoft\Service.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe (Lenovo) C:\Windows\jmesoft\hotkey.exe () C:\Windows\jmesoft\JME_LOAD.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Microsoft Corporation) 
C:\Windows\System32\SettingSyncHost.exe (Opera Software) C:\Program Files (x86)\Opera\40.0.2308.81\opera.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registre (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor) HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216576 2014-03-10] (Realtek Semiconductor Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15853176 2016-08-03] (Logitech Inc.) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] () HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917584 2016-10-11] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare) HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\...\Run: [TeamSpeak 3 Client] => C:\Users\Leo\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe [11479320 2016-09-12] (TeamSpeak Systems GmbH) HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.) HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse2\whatpulse.exe [3837016 2016-07-09] () HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\...\RunOnce: [Application Restart #0] => C:\Users\Leo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resource (l'élément de données a 579 caractères en plus). ==================== Internet (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.) 
Tcpip\..\Interfaces\{9B86A68A-B67F-4991-A321-635204B78002}: [NameServer] 208.67.222.222,208.67.220.220 Tcpip\..\Interfaces\{9B86A68A-B67F-4991-A321-635204B78002}: [DhcpNameServer] 192.168.1.254 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com HKU\S-1-5-21-2883583054-3779539893-2577248336-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= BHO-x32: Java(tm) 
Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-17] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-17] (Oracle Corporation) FireFox: ======== FF DefaultProfile: 3t0mi0eb.default FF ProfilePath: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\3t0mi0eb.default [2016-09-27] FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\3t0mi0eb.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3t0mi0eb.default -> Bing FF Homepage: Mozilla\Firefox\Profiles\3t0mi0eb.default -> hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=fr-fr FF Keyword.URL: Mozilla\Firefox\Profiles\3t0mi0eb.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q= FF Extension: (Avira Browser Safety) - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\3t0mi0eb.default\Extensions\abs@avira.com.xpi [2016-09-20] FF Extension: (Bing Search) - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\3t0mi0eb.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-16] FF Extension: (Firefox Hotfix) - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\3t0mi0eb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] FF SearchPlugin: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\3t0mi0eb.default\searchplugins\bing-.xml [2015-12-16] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] () FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-17] (Oracle Corporation) FF Plugin-x32: 
@microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (WOT) - C:\Users\Leo\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2016-10-11] ==================== Services (Avec liste blanche) ==================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-22] (Advanced Micro Devices, Inc.) [Fichier non signé] S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1086040 2016-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-11] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-11] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1489240 2016-10-11] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [346928 2016-08-24] (Avira Operations GmbH & Co. 
KG) R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [92160 2014-03-12] () [Fichier non signé] R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [Fichier non signé] S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [559872 2014-08-06] (Lenovo) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-03] (Logitech Inc.) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] () R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-12-16] (Maxthon) R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [X] ===================== Pilotes (Avec liste blanche) ====================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.) 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [110096 2016-05-04] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [149832 2016-10-11] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-11] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-06-02] (Avira Operations GmbH & Co. KG) R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-19] (Logitech Inc.) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3347672 2014-03-13] (Realtek Semiconductor Corporation ) R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ==================== Un mois - Créés - fichiers et dossiers ======== (Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.) 2016-10-12 13:06 - 2016-10-12 13:07 - 00017657 _____ C:\Users\Leo\Desktop\FRST.txt 2016-10-12 13:06 - 2016-10-12 13:06 - 00000000 ____D C:\FRST 2016-10-12 13:05 - 2016-10-12 13:05 - 02407424 _____ (Farbar) C:\Users\Leo\Desktop\FRST64.exe 2016-10-12 11:42 - 2016-10-12 11:42 - 03874368 _____ C:\Users\Leo\Desktop\adwcleaner_6.021.exe 2016-10-12 10:58 - 2016-10-12 11:05 - 00000000 ____D C:\Users\Leo\AppData\Roaming\ZHP 2016-10-12 10:47 - 2016-10-12 11:45 - 00000000 ____D C:\AdwCleaner 2016-10-11 22:23 - 2016-10-11 22:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-10-11 22:22 - 2016-10-11 22:22 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-10-11 22:22 - 2016-10-11 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-10-11 22:22 - 2016-10-11 22:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-10-11 22:22 - 2016-10-11 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-10-11 22:22 - 2016-03-10 
14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-10-11 22:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-10-11 22:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-10-11 18:10 - 2016-10-11 18:11 - 3270803456 _____ C:\Users\Leo\Downloads\X17-59479.ISO 2016-10-11 17:37 - 2016-10-11 17:37 - 00000000 ____D C:\Users\Leo\VirtualBox VMs 2016-10-11 17:35 - 2016-10-12 11:23 - 00000000 ____D C:\Users\Leo\.VirtualBox 2016-10-11 17:32 - 2016-10-11 17:32 - 00001103 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2016-10-11 17:32 - 2016-10-11 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2016-10-11 17:32 - 2016-10-11 17:32 - 00000000 ____D C:\Program Files\Oracle 2016-10-11 17:32 - 2016-09-12 18:18 - 00920168 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys 2016-10-11 17:32 - 2016-09-12 18:17 - 00149256 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2016-10-11 17:29 - 2016-10-11 17:30 - 122288608 _____ (Oracle Corporation) C:\Users\Leo\Downloads\VirtualBox-5.1.6-110634-Win.exe 2016-10-11 12:02 - 2016-10-11 12:04 - 48558117 _____ C:\Users\Leo\Documents\gravel.mp4 2016-10-11 10:34 - 2016-10-11 10:33 - 00023640 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avusbflt.sys 2016-10-05 17:56 - 2016-10-05 17:56 - 00012128 _____ C:\Users\Leo\AppData\Local\recently-used.xbel 2016-10-02 16:45 - 2016-10-02 16:45 - 00406574 _____ C:\Users\Leo\Downloads\vti.zip 2016-09-30 23:12 - 2016-09-30 23:28 - 282428268 _____ C:\Users\Leo\Documents\winlights1.mp4 2016-09-30 19:30 - 2016-09-30 19:30 - 00031480 _____ C:\Users\Leo\Documents\winlights1.veg 2016-09-30 19:20 - 2016-09-30 19:26 - 00003072 _____ C:\Users\Leo\Downloads\A FEW MOMENTS LATER (HD).mp4.sfk 2016-09-30 19:20 - 2016-09-30 19:20 - 00315633 _____ C:\Users\Leo\Downloads\A FEW MOMENTS LATER (HD).mp4 2016-09-28 14:18 - 2016-09-28 14:18 - 40522559 _____ C:\Users\Leo\Downloads\!Dynamic Duo RedBlue.zip 2016-09-27 18:03 - 2016-09-27 18:03 - 07084052 _____ C:\Users\Leo\Downloads\LosFabiStorios!.rar 2016-09-27 16:27 - 2016-10-06 16:27 - 00003860 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1474986414 2016-09-27 16:27 - 2016-09-27 16:27 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Opera Software 2016-09-27 16:27 - 2016-09-27 16:27 - 00000000 ____D C:\Users\Leo\AppData\Local\Opera Software 2016-09-27 16:26 - 2016-10-06 16:27 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-09-27 16:26 - 2016-10-06 16:27 - 00000000 ____D C:\Program Files (x86)\Opera 2016-09-27 16:26 - 2016-09-27 16:26 - 01137288 _____ (Opera Software) C:\Users\Leo\Downloads\OperaSetup.exe 2016-09-27 16:26 - 2016-09-27 16:26 - 00001162 _____ C:\Users\Public\Desktop\Opera.lnk 2016-09-27 16:21 - 2016-09-27 16:21 - 00281488 _____ C:\WINDOWS\Minidump\092716-25531-01.dmp 2016-09-27 16:14 - 2016-09-27 16:14 - 00290048 _____ C:\WINDOWS\Minidump\092716-25546-01.dmp 2016-09-27 13:06 - 2016-09-27 13:10 - 00000000 ____D C:\Users\Leo\AppData\Roaming\PlaysTV 2016-09-27 13:04 - 2016-09-27 13:10 - 00000000 ____D C:\Program Files (x86)\Raptr Inc 2016-09-27 13:04 - 2016-09-27 13:04 - 00000000 ____D C:\Users\Leo\AppData\Roaming\library_dir 2016-09-27 13:03 - 
2016-09-27 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings 2016-09-27 13:03 - 2016-09-27 13:03 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-09-27 13:03 - 2016-06-23 20:22 - 00264992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-09-27 13:03 - 2016-06-23 20:21 - 00257824 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-09-27 13:03 - 2016-06-23 20:21 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-09-27 13:03 - 2016-06-23 20:20 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe 2016-09-27 13:02 - 2016-09-27 13:02 - 00000000 ____D C:\Program Files (x86)\AMD 2016-09-27 12:57 - 2014-02-16 18:23 - 00060640 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\usbfilter.sys 2016-09-27 12:55 - 2016-09-27 12:55 - 00000000 ____D C:\AMD 2016-09-27 12:53 - 2016-09-27 12:53 - 00000437 _____ C:\SetupCD.txt 2016-09-27 12:52 - 2016-09-27 12:52 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Leo\Downloads\autodetectutility.exe 2016-09-27 12:47 - 2016-09-27 12:47 - 00281488 _____ C:\WINDOWS\Minidump\092716-30687-01.dmp 2016-09-27 12:39 - 2016-09-27 12:39 - 00281488 _____ C:\WINDOWS\Minidump\092716-33062-01.dmp 2016-09-26 22:10 - 2016-09-26 22:11 - 00281488 _____ C:\WINDOWS\Minidump\092616-27015-01.dmp 2016-09-26 18:01 - 2016-09-26 18:02 - 00281376 _____ C:\WINDOWS\Minidump\092616-32421-01.dmp 2016-09-26 13:00 - 2016-09-26 13:01 - 00281384 _____ C:\WINDOWS\Minidump\092616-33703-01.dmp 2016-09-26 12:51 - 2016-09-26 12:52 - 00281376 _____ C:\WINDOWS\Minidump\092616-27031-01.dmp 2016-09-23 23:12 - 2016-09-26 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-20 15:17 - 2016-09-20 15:17 - 00281488 _____ C:\WINDOWS\Minidump\092016-23234-01.dmp 2016-09-20 14:49 - 2016-09-20 14:49 - 00281376 _____ C:\WINDOWS\Minidump\092016-24734-01.dmp 2016-09-19 14:32 - 2016-09-19 14:32 - 00001167 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2016-09-18 21:41 - 2016-09-18 21:42 - 30533688 _____ 
C:\Users\Leo\Downloads\vlc-2.2.4-win32.exe 2016-09-18 21:33 - 2016-09-18 21:34 - 00281488 _____ C:\WINDOWS\Minidump\091816-24875-01.dmp 2016-09-17 12:58 - 2016-09-17 12:58 - 00281488 _____ C:\WINDOWS\Minidump\091716-32171-01.dmp 2016-09-17 12:54 - 2016-09-17 12:54 - 00281488 _____ C:\WINDOWS\Minidump\091716-36718-01.dmp 2016-09-17 12:47 - 2016-09-17 12:47 - 00281488 _____ C:\WINDOWS\Minidump\091716-26375-01.dmp 2016-09-17 10:57 - 2016-09-17 11:10 - 351539882 _____ C:\Users\Leo\Documents\hlspood.mp4 2016-09-16 18:30 - 2016-09-16 21:26 - 00061688 _____ C:\Users\Leo\Documents\hlspood.veg 2016-09-16 18:30 - 2016-09-16 18:30 - 00022952 _____ C:\Users\Leo\Documents\hlspood.veg.bak 2016-09-16 18:12 - 2016-09-16 18:13 - 00379648 _____ C:\Users\Leo\Downloads\Nightwish - Nemo lyrics.mp3.sfk 2016-09-14 18:08 - 2016-09-14 18:08 - 10595069 _____ C:\Users\Leo\Downloads\0021-Install_Win8_8.1_8047_08232016.zip 2016-09-14 17:58 - 2016-09-14 17:58 - 00281440 _____ C:\WINDOWS\Minidump\091416-35078-01.dmp 2016-09-14 16:14 - 2016-09-14 16:14 - 00003090 _____ C:\WINDOWS\System32\Tasks\{AD9A2FB0-036F-4571-B0E4-F2948FC6C732} 2016-09-14 07:03 - 2016-09-01 05:08 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-09-14 07:03 - 2016-09-01 04:46 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-09-14 07:03 - 2016-09-01 04:24 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-09-14 07:03 - 2016-09-01 03:39 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-09-14 07:03 - 2016-09-01 03:30 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-09-14 07:03 - 2016-09-01 03:27 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-09-14 07:03 - 2016-09-01 03:24 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-09-14 07:03 - 2016-09-01 02:45 - 25770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 
2016-09-14 07:03 - 2016-09-01 02:43 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-09-14 07:03 - 2016-09-01 02:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-09-14 07:03 - 2016-09-01 02:38 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-14 07:03 - 2016-09-01 02:24 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-09-14 07:03 - 2016-09-01 02:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-09-14 07:03 - 2016-09-01 02:06 - 06047232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-09-14 07:03 - 2016-09-01 01:38 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-09-14 07:03 - 2016-09-01 01:28 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-14 07:03 - 2016-09-01 01:15 - 15411712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-09-14 07:03 - 2016-09-01 01:10 - 02921472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-09-14 07:03 - 2016-09-01 00:58 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-09-14 07:03 - 2016-09-01 00:47 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-09-14 07:03 - 2016-08-26 07:51 - 02894336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-09-14 07:03 - 2016-08-26 06:44 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-09-14 07:03 - 2016-08-26 06:41 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-09-14 07:03 - 2016-08-26 06:00 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-09-14 07:03 - 2016-08-21 01:45 - 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll 2016-09-14 07:03 - 2016-08-21 01:22 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-09-14 07:03 - 
2016-08-21 01:05 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll 2016-09-14 07:03 - 2016-08-21 00:50 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-09-14 07:03 - 2016-08-21 00:42 - 07795712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-09-14 07:03 - 2016-08-21 00:27 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-09-14 07:03 - 2016-08-10 00:47 - 00803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-09-14 07:03 - 2016-08-10 00:47 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-09-14 07:03 - 2016-08-04 16:17 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-09-14 07:03 - 2016-08-03 20:06 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-09-14 07:03 - 2016-08-03 20:05 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-09-14 07:02 - 2016-09-08 23:51 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-09-14 07:02 - 2016-09-08 23:51 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-09-14 07:02 - 2016-08-22 18:06 - 00179248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-09-14 07:02 - 2016-08-22 18:06 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2016-09-14 07:02 - 2016-08-21 03:03 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-09-14 07:02 - 2016-08-21 03:01 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-14 07:02 - 2016-08-21 03:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-09-14 07:02 - 2016-08-21 02:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2016-09-14 07:02 - 2016-08-21 01:27 - 01445376 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\lsasrv.dll 2016-09-14 07:02 - 2016-08-21 01:26 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2016-09-14 07:02 - 2016-08-21 00:55 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-09-14 07:02 - 2016-08-14 21:34 - 01541248 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-14 07:02 - 2016-08-14 20:25 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-09-14 07:02 - 2016-08-14 18:14 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-14 07:02 - 2016-08-13 09:41 - 07445848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-09-14 07:02 - 2016-08-13 09:40 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-09-14 07:02 - 2016-08-13 09:40 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-14 07:02 - 2016-08-13 09:40 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-14 07:02 - 2016-08-13 09:40 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-14 07:02 - 2016-08-13 09:40 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-14 07:02 - 2016-08-13 02:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2016-09-14 07:02 - 2016-08-11 18:26 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2016-09-14 07:02 - 2016-08-11 18:17 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2016-09-14 07:02 - 2016-08-11 18:16 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2016-09-14 07:02 - 2016-07-09 18:10 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-09-14 07:02 - 2016-07-09 00:35 - 00101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2016-09-14 07:02 - 2016-07-08 16:17 - 00377344 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mprddm.dll 2016-09-14 07:02 - 2016-07-08 16:17 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll 2016-09-14 07:02 - 2016-07-08 00:32 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2016-09-14 07:02 - 2016-07-08 00:18 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll 2016-09-14 07:02 - 2016-07-08 00:10 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll 2016-09-14 07:02 - 2016-07-08 00:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasppp.dll 2016-09-14 07:02 - 2016-07-07 23:04 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2016-09-14 07:02 - 2016-07-07 22:59 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-09-14 07:02 - 2016-07-07 22:44 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2016-09-14 07:02 - 2016-07-07 22:41 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2016-09-14 07:02 - 2016-07-07 22:34 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2016-09-14 07:02 - 2016-07-07 22:29 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2016-09-14 07:02 - 2016-07-07 22:29 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-09-14 07:02 - 2016-07-07 22:23 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll 2016-09-14 07:02 - 2016-07-07 22:18 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll 2016-09-14 07:02 - 2016-07-07 22:11 - 01661064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-09-14 07:02 - 2016-07-07 22:11 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-09-14 07:02 - 2016-07-07 22:11 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasppp.dll 2016-09-14 07:02 - 2016-07-07 21:35 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 
2016-09-14 07:02 - 2016-07-07 21:14 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-09-14 07:02 - 2016-07-04 07:09 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-14 07:02 - 2016-07-04 05:45 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2016-09-14 07:02 - 2016-07-04 05:37 - 02897920 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-09-14 07:02 - 2016-07-04 05:33 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-09-14 07:02 - 2016-07-04 05:04 - 02539008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-09-14 07:02 - 2016-07-04 05:02 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-09-14 07:02 - 2016-07-04 04:19 - 03547136 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-14 07:02 - 2016-07-01 22:39 - 00197352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssenh.dll
2016-09-14 07:02 - 2016-07-01 22:39 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dssenh.dll
2016-09-14 07:02 - 2016-01-10 19:08 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-09-12 22:02 - 2016-09-12 22:02 - 22918913 _____ C:\Users\Leo\Downloads\§0Lethals §o§1Sapphire §fV4.rar
2016-09-12 18:17 - 2016-09-12 18:17 - 00195936 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2016-09-12 18:17 - 2016-09-12 18:17 - 00121248 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-10-12 13:06 - 2015-12-16 19:26 - 00000000 ____D C:\Users\Leo\AppData\Roaming\TS3Client
2016-10-12 13:06 - 2015-12-16 18:51 - 00001122 _____ C:\Users\Leo\Desktop\nativelog.txt
2016-10-12 12:59 - 2015-12-20 19:37 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-10-12 12:55 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-12 12:54 - 2015-12-16 19:58 - 00111024 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-10-12 12:54 - 2015-12-16 19:58 - 00094464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-10-12 12:52 - 2015-12-16 18:40 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2883583054-3779539893-2577248336-1002
2016-10-12 12:38 - 2015-12-16 18:47 - 00000000 ____D C:\Users\Leo\AppData\Roaming\.minecraft
2016-10-12 12:36 - 2016-04-27 19:00 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-12 11:47 - 2015-12-16 18:40 - 00000000 __RDO C:\Users\Leo\OneDrive
2016-10-12 11:46 - 2016-04-25 22:54 - 00000512 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-10-12 11:46 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-12 11:45 - 2014-12-23 07:44 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-10-12 11:42 - 2016-01-10 21:45 - 00200192 ___SH C:\Users\Leo\Downloads\Thumbs.db
2016-10-12 10:57 - 2014-12-23 16:30 - 00923076 _____ C:\WINDOWS\system32\perfh00C.dat
2016-10-12 10:57 - 2014-12-23 16:30 - 00194806 _____ C:\WINDOWS\system32\perfc00C.dat
2016-10-12 10:57 - 2014-03-18 11:53 - 00005426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-12 10:52 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-10-12 10:50 - 2014-12-23 08:01 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-10-12 10:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Cursors
2016-10-12 10:35 - 2015-12-18 22:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-12 10:31 - 2015-12-18 22:46 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 07:58 - 2015-12-16 18:45 - 00003904 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0A8F259B-BBA6-4FE3-A095-D7234C908144}
2016-10-12 04:36 - 2016-04-27 19:00 - 00003890 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-10-12 04:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-12 04:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-11 20:36 - 2015-12-16 22:16 - 00000000 ____D C:\Users\Leo\AppData\Roaming\OBS
2016-10-11 17:37 - 2015-12-16 18:32 - 00000000 ____D C:\Users\Leo
2016-10-11 17:33 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-10-11 11:44 - 2015-12-16 22:22 - 00000000 ____D C:\Users\Leo\AppData\Roaming\vlc
2016-10-11 10:34 - 2016-01-02 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-11 10:33 - 2016-01-02 17:12 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-10-11 10:33 - 2016-01-02 17:12 - 00149832 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-10-10 18:09 - 2016-02-11 22:59 - 00004608 ___SH C:\Users\Leo\Desktop\Thumbs.db
2016-10-08 18:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-10-05 19:10 - 2015-12-21 16:19 - 00000000 ____D C:\Users\Leo\.gimp-2.8
2016-10-05 17:56 - 2015-12-21 16:24 - 00000000 ____D C:\Users\Leo\AppData\Local\gtk-2.0
2016-10-01 02:15 - 2015-12-19 17:38 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-01 02:15 - 2015-12-19 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-30 23:35 - 2016-03-31 00:37 - 00523776 ___SH C:\Users\Leo\Documents\Thumbs.db
2016-09-30 00:07 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-27 16:21 - 2016-02-02 22:45 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-27 16:21 - 2016-02-02 22:44 - 594852556 _____ C:\WINDOWS\MEMORY.DMP
2016-09-27 13:10 - 2016-08-31 22:46 - 00000000 ____D C:\Program Files (x86)\Mumble
2016-09-27 13:09 - 2016-03-17 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
2016-09-27 13:09 - 2016-03-17 00:11 - 00000000 ____D C:\Program Files (x86)\Mirillis
2016-09-27 13:09 - 2016-01-06 22:54 - 00000000 ____D C:\Program Files (x86)\Avidemux 2.6 - 32 bits
2016-09-27 13:03 - 2015-12-16 18:37 - 00000000 ____D C:\Users\Leo\AppData\Local\AMD
2016-09-27 13:03 - 2014-12-23 07:44 - 00000000 ____D C:\Program Files\AMD
2016-09-27 13:01 - 2014-12-23 07:43 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-09-27 12:56 - 2014-12-23 07:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-26 15:33 - 2016-01-14 14:25 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Audacity
2016-09-26 15:16 - 2015-12-21 16:23 - 00000000 ____D C:\Users\Leo\Desktop\Textures
2016-09-26 13:00 - 2015-12-16 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-26 12:49 - 2016-07-20 00:55 - 00000000 ____D C:\Users\Leo\AppData\Local\whatpulse
2016-09-23 20:31 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-23 11:45 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-09-18 21:43 - 2015-12-16 22:22 - 00001097 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-17 13:06 - 2015-12-16 19:09 - 00000000 ____D C:\Users\Leo\.oracle_jre_usage
2016-09-17 13:06 - 2015-12-16 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-17 13:06 - 2015-12-16 19:08 - 00000000 ____D C:\ProgramData\Oracle
2016-09-17 13:06 - 2015-12-16 19:08 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-17 13:05 - 2015-12-16 19:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-09-15 16:36 - 2013-08-22 16:44 - 00346936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-15 16:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-09-15 16:33 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-09-14 18:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-13 18:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\tracing
2016-09-12 12:36 - 2015-12-16 18:54 - 00000000 ____D C:\Users\Leo\AppData\Local\TeamSpeak 3 Client

==================== Fichiers à la racine de certains dossiers =======

2016-01-06 16:23 - 2016-01-06 16:23 - 0000096 _____ () C:\Users\Leo\AppData\Roaming\Camdata.ini
2016-01-06 16:23 - 2016-01-06 16:23 - 0000408 _____ () C:\Users\Leo\AppData\Roaming\CamLayout.ini
2016-01-06 16:23 - 2016-01-06 16:23 - 0000408 _____ () C:\Users\Leo\AppData\Roaming\CamShapes.ini
2016-01-06 16:23 - 2016-01-06 16:23 - 0004522 _____ () C:\Users\Leo\AppData\Roaming\CamStudio.cfg
2015-12-16 18:58 - 2014-11-09 02:20 - 0000360 _____ () C:\Users\Leo\AppData\Roaming\coal_ore.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0000530 _____ () C:\Users\Leo\AppData\Roaming\cobblestone.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0000590 _____ () C:\Users\Leo\AppData\Roaming\cobblestone_mossy.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0007420 _____ () C:\Users\Leo\AppData\Roaming\diamond_ore.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0000412 _____ () C:\Users\Leo\AppData\Roaming\diamond_ore.png.mcmeta
2015-12-16 18:58 - 2014-11-09 02:20 - 0000352 _____ () C:\Users\Leo\AppData\Roaming\emerald_ore.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0005099 _____ () C:\Users\Leo\AppData\Roaming\gold_ore.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0000286 _____ () C:\Users\Leo\AppData\Roaming\gold_ore.png.mcmeta
2015-12-16 18:58 - 2014-11-09 02:20 - 0028442 _____ () C:\Users\Leo\AppData\Roaming\redstone_ore.png
2015-12-16 18:58 - 2014-11-09 02:20 - 0000235 _____ () C:\Users\Leo\AppData\Roaming\redstone_ore.png.mcmeta
2015-12-16 18:35 - 2016-10-12 11:47 - 0813359 _____ () C:\Users\Leo\AppData\Local\BTServer.log
2016-10-05 17:56 - 2016-10-05 17:56 - 0012128 _____ () C:\Users\Leo\AppData\Local\recently-used.xbel
2014-12-23 07:45 - 2014-12-23 07:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Certains fichiers dans TEMP:
====================
C:\Users\Leo\AppData\Local\Temp\avgnt.exe
C:\Users\Leo\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Leo\AppData\Local\Temp\jansi-64-133513370051351576.dll
C:\Users\Leo\AppData\Local\Temp\jansi-64-1779443516807547725.dll
C:\Users\Leo\AppData\Local\Temp\jansi-64-2232897374637674338.dll
C:\Users\Leo\AppData\Local\Temp\jansi-64-3451325950847259605.dll
C:\Users\Leo\AppData\Local\Temp\jansi-64-5978376593112360982.dll
C:\Users\Leo\AppData\Local\Temp\jansi-64-7696479760299912297.dll
C:\Users\Leo\AppData\Local\Temp\jansi-64-7846884585274134995.dll
C:\Users\Leo\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Leo\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Leo\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Leo\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Leo\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Leo\AppData\Local\Temp\libeay32.dll
C:\Users\Leo\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Leo\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Leo\AppData\Local\Temp\msvcr120.dll
C:\Users\Leo\AppData\Local\Temp\oct2790.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct2C10.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct37D0.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct3E36.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct40F1.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct58BE.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct5CC2.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct80BA.tmp.exe
C:\Users\Leo\AppData\Local\Temp\oct8573.tmp.exe
C:\Users\Leo\AppData\Local\Temp\octA84.tmp.exe
C:\Users\Leo\AppData\Local\Temp\playstv_patch.exe
C:\Users\Leo\AppData\Local\Temp\radeon-crimson-16.7.3-minimalsetup-160728.exe
C:\Users\Leo\AppData\Local\Temp\raptrpatch.exe
C:\Users\Leo\AppData\Local\Temp\raptr_stub.exe
C:\Users\Leo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leo\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Leo\AppData\Local\Temp\sqlite3.dll
C:\Users\Leo\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\WINDOWS\system32\winlogon.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\wininit.exe => Le fichier est signé numériquement
C:\WINDOWS\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\services.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\WINDOWS\system32\rpcss.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\WINDOWS\system32\Drivers\volsnap.sys => Le fichier est signé numériquement

LastRegBack: 2016-10-12 05:46

==================== Fin de FRST.txt ============================