maybe worry after backdoor.regin infection ( before format hard disk)



#1 garcimore


Posted 02 May 2015 - 08:58 AM

Hello,

I have been infected by backdoor.regin, on Windows 8.1 Embedded Industry Pro, provided by my college.

I formatted my hard disk with the command dd if=/dev/zero of=/dev/sda, and after that I reflashed my UEFI BIOS (v2.3.1).

I have installed an OEM version of Windows 8 (and not Windows 8.1 Industry Pro) and created a partition for Debian, but I am not sure that it is enough (because of GrayFish).

Do you have any idea whether I am not infected now?

I say that because one visible sign was an svchost without a name, like a "ghost svchost", before I formatted, but it reappeared after reinstallation, when I updated the Nvidia drivers. Perhaps it is normal, as I am on a normal account (not administrator), but Nvidia did not work properly as usual when I was infected (it does not appear in the Windows notification area).

I have been following this topic, and I attach the FRST files.

Two weeks ago I used aswMBR, and according to it there was no problem. I also attach the aswMBR file.

If you want more explanation about my old problems with the infection, I can summarize, but I think that it is not important.

Thanks

Best regards

Edit: I am wrong:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by allo (administrator) on PC_ALPHA on 02-05-2015 14:19:47
Running from C:\Users\alexandre\Desktop
Loaded Profiles: alexandre & allo (Available profiles: alexandre & allo)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-23] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [22912 2015-04-07] (Intel Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-23] (COMODO)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-02] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-49093684-1653668079-1334754271-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-04-11] ()
HKU\S-1-5-21-49093684-1653668079-1334754271-1003\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-04-11] ()
HKU\S-1-5-21-49093684-1653668079-1334754271-1003\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [455392 2015-05-02] (Sony)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-14] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-49093684-1653668079-1334754271-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-fr/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-06] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-06] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 80.67.169.12 80.67.169.40
 
FireFox:
========
FF ProfilePath: C:\Users\allo\AppData\Roaming\Mozilla\Firefox\Profiles\a40zjtvz.default
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-07] (Intel Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-06]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe
 
Chrome:  
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-23] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-23] (COMODO)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-04-23] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2015-04-07] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2015-04-07] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [37760 2015-04-07] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2015-04-07] (Condusiv Technologies)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-06] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2015-04-07] (Intel Corporation)
S4 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2015-04-07] (CybelSoft)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-23] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-06] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-04-16] (The OpenVPN Project)
R2 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [42336 2015-04-07] (ASUSTek Computer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-02] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2015-04-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2015-04-07] (ASUS Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2015-04-07] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2015-04-07] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2015-04-07] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2015-04-07] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2015-04-07] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2015-04-07] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2015-04-07] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2015-04-07] (Condusiv Technologies)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126720 2015-04-01] (COMODO)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-23] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-06] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2015-04-09] (Realtek Semiconductor Corporation                           )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 14:19 - 2015-05-02 14:20 - 00014186 _____ () C:\Users\alexandre\Desktop\FRST.txt
2015-05-02 14:18 - 2015-05-02 14:19 - 00000000 ____D () C:\FRST
2015-05-02 14:09 - 2015-05-02 14:09 - 02101248 _____ (Farbar) C:\Users\alexandre\Desktop\FRST64.exe
2015-05-02 14:08 - 2015-05-02 14:08 - 00000000 ___SH () C:\DkHyperbootSync
2015-05-02 13:40 - 2015-04-14 03:16 - 00000000 ____D () C:\Users\alexandre\Desktop\processus fantomes
2015-05-02 13:38 - 2015-05-02 13:38 - 00000348 _____ () C:\Windows\setupact.log
2015-05-02 13:38 - 2015-05-02 13:38 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-02 13:37 - 2015-05-02 13:37 - 00337928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-02 13:35 - 2015-05-02 13:35 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-02 13:35 - 2015-05-02 13:35 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-02 13:35 - 2015-05-02 13:35 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-02 13:35 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-02 13:35 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-02 13:35 - 2015-03-13 04:49 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-02 13:35 - 2015-03-13 04:28 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-02 13:35 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-02 13:35 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-02 13:34 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-02 13:22 - 2015-05-02 13:22 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-02 12:56 - 2015-05-02 12:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-02 12:48 - 2015-05-02 12:48 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-02 12:48 - 2015-05-02 12:48 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-23 16:04 - 2015-04-23 16:26 - 00000000 ____D () C:\Users\alexandre\Desktop\windows 10
2015-04-23 14:13 - 2015-04-23 14:13 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
2015-04-23 13:46 - 2015-04-23 13:46 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-04-23 13:46 - 2015-04-23 13:46 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-04-23 13:46 - 2015-04-23 13:46 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-04-23 13:46 - 2015-04-23 13:46 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-23 13:46 - 2015-04-23 13:46 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-04-23 13:45 - 2015-04-23 13:45 - 04179968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-23 13:45 - 2015-04-23 13:45 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-04-23 13:45 - 2015-04-23 13:45 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-04-23 13:45 - 2015-04-23 13:45 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-04-23 13:44 - 2015-04-23 13:44 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-04-23 13:44 - 2015-04-23 13:44 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-04-23 13:44 - 2015-04-23 13:44 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-04-23 13:44 - 2015-04-23 13:44 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-04-23 13:44 - 2015-04-23 13:44 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-04-23 13:37 - 2015-05-02 13:24 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-49093684-1653668079-1334754271-1003
2015-04-23 13:37 - 2015-04-23 13:56 - 00000000 ____D () C:\Program Files (x86)\Slowin Killer
2015-04-23 13:37 - 2015-04-23 13:37 - 01256960 _____ () C:\Users\allo\Downloads\Slowin Killer.exe
2015-04-16 14:55 - 2015-04-16 14:57 - 00000000 ____D () C:\Users\allo\AppData\Roaming\ZHP
2015-04-16 14:37 - 2015-04-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-04-16 14:37 - 2015-04-16 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-04-16 14:37 - 2015-04-16 14:37 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-04-16 14:37 - 2015-04-16 14:37 - 00000000 ____D () C:\Program Files\OpenVPN
2015-04-16 14:35 - 2015-04-16 14:35 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-04-16 14:35 - 2015-04-16 14:35 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-04-16 14:35 - 2015-04-16 14:35 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-04-16 14:35 - 2015-04-16 14:35 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-04-16 03:42 - 2015-04-16 03:47 - 3390862373 _____ () C:\Users\alexandre\Desktop\DCIM_allemagne2.7z
2015-04-16 03:14 - 2015-05-02 13:25 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-04-16 03:14 - 2015-05-02 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-04-16 03:14 - 2015-04-16 03:14 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 03:14 - 2015-04-16 03:14 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 03:14 - 2015-04-16 03:14 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 03:14 - 2015-04-16 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-16 03:14 - 2015-04-16 03:14 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-16 03:14 - 2015-04-16 03:14 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-16 03:14 - 2015-04-16 03:14 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 03:14 - 2015-04-16 03:14 - 00000000 ____D () C:\ProgramData\Sony
2015-04-16 03:14 - 2015-04-16 03:14 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-16 03:06 - 2015-04-16 03:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-04-14 05:23 - 2015-04-14 05:23 - 00387584 _____ () C:\Users\alexandre\Downloads\rescue2usb.exe
2015-04-14 05:03 - 2015-04-23 17:38 - 00000290 __RSH () C:\ProgramData\ntuser.pol
2015-04-14 03:19 - 2015-04-14 03:19 - 26010571 _____ () C:\Users\alexandre\Desktop\processus fantomes.7z
2015-04-14 02:10 - 2015-04-14 02:10 - 00000000 ____D () C:\Users\alexandre\Downloads\ProcessExplorer
2015-04-14 01:51 - 2015-04-14 05:33 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-04-14 01:51 - 2015-04-14 05:33 - 00000000 ____D () C:\Windows\system32\NV
2015-04-14 01:48 - 2015-04-14 01:49 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 01:48 - 2015-04-14 01:49 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-14 01:48 - 2015-04-14 01:49 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-04-13 23:23 - 2015-05-02 14:16 - 00011246 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-04-13 23:23 - 2015-04-13 23:23 - 00000000 ___HD () C:\VTRoot
2015-04-12 17:25 - 2015-05-02 13:30 - 00000000 ____D () C:\Windows\Minidump
2015-04-12 15:13 - 2015-04-23 12:58 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\vlc
2015-04-12 15:09 - 2015-04-12 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-12 15:09 - 2015-04-12 15:09 - 00000000 ____D () C:\Program Files\VideoLAN
2015-04-12 14:22 - 2015-04-12 14:25 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-04-12 14:22 - 2015-04-12 14:23 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-04-12 14:22 - 2015-04-12 14:22 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-12 14:16 - 2015-04-12 14:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-12 14:15 - 2015-04-12 14:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-04-12 14:15 - 2015-04-12 14:15 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-04-12 14:04 - 2015-04-23 12:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 14:03 - 2015-04-23 12:52 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-12 14:03 - 2015-04-23 12:52 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-12 14:03 - 2015-04-23 12:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 14:03 - 2015-04-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 14:03 - 2015-04-23 12:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-12 14:03 - 2015-04-12 14:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-12 13:42 - 2015-04-12 13:47 - 00014480 _____ () C:\Windows\system32\Drivers\nvflash.sys
2015-04-12 13:42 - 2015-04-12 13:42 - 00000000 ____D () C:\Users\allo\AppData\Roaming\NVIDIA
2015-04-12 01:12 - 2015-04-12 01:12 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\Wireshark
2015-04-12 00:59 - 2015-04-12 00:59 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Wireshark
2015-04-12 00:26 - 2015-04-12 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-04-12 00:25 - 2015-04-12 00:26 - 00000000 ____D () C:\Program Files\Wireshark
2015-04-12 00:25 - 2015-04-12 00:25 - 00001553 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-04-11 21:50 - 2015-04-11 21:50 - 00000000 ____D () C:\Users\alexandre\AppData\Local\transmission
2015-04-11 21:38 - 2015-04-12 19:59 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\transmission
2015-04-11 21:28 - 2015-05-02 13:25 - 00000000 ____D () C:\Program Files\PeerBlock
2015-04-11 20:19 - 2015-04-11 20:19 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-11 20:19 - 2015-04-11 20:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-11 20:19 - 2015-04-11 20:19 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-11 20:19 - 2015-04-11 20:19 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-11 20:19 - 2015-04-11 20:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-11 19:46 - 2015-04-11 19:49 - 00000000 ____D () C:\Users\alexandre\.zenmap
2015-04-11 19:36 - 2015-05-02 12:55 - 00000000 ____D () C:\Program Files (x86)\Nmap
2015-04-11 19:36 - 2015-04-12 00:26 - 00000000 ____D () C:\Program Files\WinPcap
2015-04-11 15:19 - 2015-04-11 15:19 - 00000000 ____D () C:\Users\alexandre\AppData\Local\Intel_Corporation
2015-04-09 08:44 - 2015-04-12 17:29 - 00000000 ____D () C:\Users\alexandre\VirtualBox VMs
2015-04-09 08:41 - 2015-04-14 01:47 - 00000000 ____D () C:\Users\allo\AppData\Local\NVIDIA Corporation
2015-04-09 08:41 - 2015-04-09 08:41 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Mozilla
2015-04-09 08:41 - 2015-04-09 08:41 - 00000000 ____D () C:\Users\allo\AppData\Local\Mozilla
2015-04-09 08:40 - 2015-04-14 01:47 - 00000000 ____D () C:\Users\allo\AppData\Local\NVIDIA
2015-04-09 08:40 - 2015-04-09 08:43 - 00000000 ____D () C:\Users\allo\.VirtualBox
2015-04-09 08:40 - 2015-04-09 08:40 - 00000000 ____D () C:\Users\allo\AppData\Roaming\AVAST Software
2015-04-09 08:40 - 2015-04-09 08:40 - 00000000 ____D () C:\Users\allo\AppData\Local\VirtualStore
2015-04-09 08:38 - 2015-05-02 13:10 - 00000000 ____D () C:\Users\alexandre\.VirtualBox
2015-04-09 08:37 - 2015-04-09 08:37 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-04-09 08:37 - 2015-04-09 08:37 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-04-09 08:37 - 2015-04-09 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-09 08:36 - 2015-04-09 08:36 - 00000000 ____D () C:\Program Files\Oracle
2015-04-08 13:58 - 2015-04-08 15:14 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\Notepad++
2015-04-08 13:55 - 2015-04-08 13:55 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-08 13:55 - 2015-04-08 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-08 13:54 - 2015-04-16 14:38 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Notepad++
2015-04-08 13:54 - 2015-04-08 13:55 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-08 02:32 - 2015-04-08 02:32 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-04-08 02:31 - 2015-04-11 15:19 - 00002060 _____ () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-04-08 02:31 - 2015-04-11 15:19 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-04-08 02:15 - 2015-04-08 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-08 02:15 - 2015-04-08 02:15 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-08 02:03 - 2015-04-08 02:03 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Macromedia
2015-04-08 02:02 - 2015-04-09 08:42 - 00000000 ____D () C:\Users\allo\AppData\Local\Packages
2015-04-08 02:02 - 2015-04-08 02:02 - 00001458 _____ () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-08 02:01 - 2015-04-08 02:01 - 00000000 __SHD () C:\Users\allo\AppData\Local\EmieUserList
2015-04-08 02:01 - 2015-04-08 02:01 - 00000000 __SHD () C:\Users\allo\AppData\Local\EmieSiteList
2015-04-08 02:01 - 2015-04-08 02:01 - 00000000 __SHD () C:\Users\allo\AppData\Local\EmieBrowserModeList
2015-04-08 02:01 - 2015-04-08 02:01 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Adobe
2015-04-08 01:47 - 2015-04-12 17:30 - 00000000 ____D () C:\Users\allo
2015-04-08 01:47 - 2015-04-08 01:47 - 00000020 ___SH () C:\Users\allo\ntuser.ini
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Voisinage réseau
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Voisinage d'impression
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Modèles
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Menu Démarrer
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Documents\Mes vidéos
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Documents\Mes images
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\Documents\Ma musique
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-04-08 01:47 - 2015-04-08 01:47 - 00000000 _SHDL () C:\Users\allo\AppData\Local\Historique
2015-04-08 01:47 - 2015-04-06 17:39 - 00000000 ___RD () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-08 01:47 - 2014-11-21 07:56 - 00000000 ___RD () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-08 01:47 - 2014-11-21 07:56 - 00000000 ___RD () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-08 01:47 - 2014-11-21 00:55 - 00000369 _____ () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-08 01:47 - 2014-11-21 00:55 - 00000369 _____ () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-08 01:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\allo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-07 20:38 - 2015-04-07 20:38 - 00000000 ____D () C:\ProgramData\Intel
2015-04-07 20:38 - 2015-04-07 20:37 - 00015168 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2015-04-07 20:37 - 2015-04-07 20:37 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\InstallShield
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_DptfManager_01009.Wdf
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_DptfDevProc_01009.Wdf
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_DptfDevPch_01009.Wdf
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_DptfDevGen_01009.Wdf
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_DptfDevFan_01009.Wdf
2015-04-07 20:36 - 2015-04-07 20:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_DptfDevDram_01009.Wdf
2015-04-07 20:33 - 2015-04-07 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-07 20:33 - 2015-04-07 20:33 - 00000000 ____D () C:\Program Files\ASUS
2015-04-07 20:32 - 2015-04-07 20:32 - 00026024 _____ (Condusiv Technologies) C:\Windows\system32\Drivers\excfs.sys
2015-04-07 20:31 - 2015-04-07 20:31 - 00112552 _____ (Condusiv Technologies) C:\Windows\system32\Drivers\excsd.sys
2015-04-07 20:31 - 2015-04-07 20:31 - 00003540 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2015-04-07 20:31 - 2015-04-07 20:31 - 00000000 ____D () C:\ProgramData\Condusiv Technologies
2015-04-07 20:31 - 2015-04-07 20:31 - 00000000 ____D () C:\Program Files\DIFX
2015-04-07 20:31 - 2015-04-07 20:31 - 00000000 ____D () C:\Program Files\Condusiv Technologies
2015-04-07 20:31 - 2015-04-07 20:31 - 00000000 ____D () C:\Program Files\Common Files\Diskeeper Corporation
2015-04-07 20:30 - 2015-05-02 13:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-07 20:30 - 2015-04-07 20:34 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-07 20:30 - 2015-04-07 20:30 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-04-07 20:30 - 2015-04-07 20:30 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 ____D () C:\Windows\SysWOW64\sda
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-07 20:28 - 2015-04-07 20:28 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-04-07 20:25 - 2015-04-07 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
2015-04-07 20:25 - 2015-04-07 20:25 - 00000000 ____D () C:\ProgramData\ma-config.com
2015-04-07 20:25 - 2015-04-07 20:25 - 00000000 ____D () C:\Program Files\ma-config.com
2015-04-07 20:17 - 2015-04-07 20:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-07 20:17 - 2015-04-07 20:17 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-07 20:03 - 2015-04-14 02:37 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-07 20:03 - 2015-04-07 20:15 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-07 19:54 - 2015-04-07 20:03 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\ZHP
2015-04-07 19:43 - 2015-04-07 19:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-06 17:39 - 2015-04-07 20:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-06 17:39 - 2015-04-06 17:42 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-06 17:39 - 2015-04-06 17:39 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 17:31 - 2015-04-06 17:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-06 17:16 - 2015-04-16 03:14 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-06 17:16 - 2015-04-16 03:14 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-06 17:05 - 2015-04-16 03:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-06 17:05 - 2015-04-16 03:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-06 17:05 - 2015-04-06 17:05 - 00083861 _____ () C:\Windows\system32\Drivers\RTWAVES30.dat
2015-04-06 17:05 - 2015-04-06 17:05 - 00003152 _____ () C:\Windows\System32\Tasks\RtHDVBg
2015-04-06 17:05 - 2015-04-06 17:05 - 00003146 _____ () C:\Windows\System32\Tasks\RTKCPL
2015-04-06 17:05 - 2015-04-06 17:05 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-06 17:04 - 2015-04-06 17:04 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-06 17:04 - 2015-04-06 17:04 - 00000000 ____D () C:\Program Files\Realtek
2015-04-06 16:55 - 2015-04-06 16:55 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-04-06 16:55 - 2015-04-06 16:55 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-04-06 16:50 - 2015-04-06 16:50 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-04-06 16:50 - 2015-04-06 16:50 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-04-06 16:50 - 2015-04-06 16:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-04-06 16:50 - 2015-04-06 16:50 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-04-06 16:50 - 2015-04-06 16:50 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-04-06 16:38 - 2015-04-06 16:38 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-04-06 16:38 - 2015-04-06 16:38 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-04-06 16:38 - 2015-04-06 16:38 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-04-06 16:38 - 2015-04-06 16:38 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-04-06 16:38 - 2015-04-06 16:38 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-04-06 16:38 - 2015-04-06 16:38 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-04-06 16:38 - 2015-04-06 16:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-04-06 16:38 - 2015-04-06 16:38 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-04-06 16:38 - 2015-04-06 16:38 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-04-06 16:38 - 2015-04-06 16:38 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-04-06 16:32 - 2015-04-06 16:32 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-06 16:32 - 2015-04-06 16:32 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-06 16:31 - 2015-04-06 16:32 - 00000000 ____D () C:\Users\alexandre\AppData\Local\NVIDIA
2015-04-06 16:31 - 2015-04-06 16:31 - 00000000 ____D () C:\Users\alexandre\AppData\Local\NVIDIA Corporation
2015-04-06 16:30 - 2015-04-06 16:30 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-04-06 16:30 - 2015-04-06 16:30 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-04-06 16:30 - 2015-04-06 16:30 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-04-06 16:30 - 2015-04-06 16:30 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-04-06 16:30 - 2015-04-06 16:30 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-06 16:30 - 2015-04-06 16:30 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-04-06 16:30 - 2015-04-06 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-06 16:30 - 2015-03-28 05:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-06 16:30 - 2015-03-28 05:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-06 16:30 - 2015-03-28 05:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-06 16:30 - 2015-03-28 05:43 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-06 16:26 - 2015-04-14 01:49 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-06 16:26 - 2015-04-06 16:29 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-06 16:26 - 2015-04-06 16:29 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-04-06 16:26 - 2015-04-06 16:29 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-06 16:26 - 2015-04-06 16:27 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-06 16:26 - 2015-04-06 16:26 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-06 16:08 - 2015-05-02 13:23 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-06 16:07 - 2015-05-02 13:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-06 16:07 - 2015-04-06 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-06 16:04 - 2015-04-06 16:04 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2015-04-06 16:04 - 2015-04-06 16:04 - 00000000 ____D () C:\ProgramData\Shared Space
2015-04-06 16:04 - 2015-04-06 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-04-06 16:03 - 2015-04-06 16:03 - 00000000 ____D () C:\Program Files\COMODO
2015-04-06 16:00 - 2015-02-04 01:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-04-06 16:00 - 2015-02-04 01:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-04-06 16:00 - 2015-02-04 01:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-04-06 16:00 - 2015-02-03 01:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-04-06 16:00 - 2015-02-03 01:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-04-06 16:00 - 2015-01-27 05:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-04-06 16:00 - 2015-01-24 03:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-04-06 16:00 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-04-06 16:00 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-06 15:59 - 2015-04-14 01:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 15:59 - 2015-04-06 16:04 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-06 15:58 - 2015-04-14 01:50 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-06 15:58 - 2015-04-08 23:30 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-06 15:58 - 2015-04-08 23:30 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-06 15:58 - 2015-04-08 23:30 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-06 15:58 - 2015-04-08 23:30 - 01047696 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-04-06 15:58 - 2015-04-08 23:30 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-06 15:58 - 2015-04-08 23:30 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-04-06 15:58 - 2015-04-08 23:30 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-06 15:58 - 2015-04-08 19:52 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-06 15:57 - 2015-04-14 01:51 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-06 15:57 - 2015-04-06 16:32 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-06 15:57 - 2015-04-06 16:30 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-06 15:56 - 2015-01-23 09:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-04-06 15:56 - 2015-01-23 07:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-04-06 15:52 - 2015-01-16 00:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-06 15:52 - 2015-01-16 00:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-06 15:52 - 2014-12-19 10:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-06 15:52 - 2014-12-19 10:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-06 15:52 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-06 15:52 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-06 15:51 - 2015-01-29 03:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-04-06 15:51 - 2015-01-29 03:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-04-06 15:51 - 2014-12-09 05:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-06 15:51 - 2014-12-09 03:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-06 15:50 - 2015-02-20 05:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-06 15:50 - 2015-02-20 04:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-06 15:50 - 2015-02-20 04:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-06 15:50 - 2015-02-20 04:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-06 15:50 - 2015-01-31 01:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-04-06 15:50 - 2015-01-31 01:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-04-06 15:50 - 2015-01-31 01:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-06 15:50 - 2015-01-29 03:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-06 15:50 - 2015-01-29 03:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-04-06 15:50 - 2015-01-29 03:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-04-06 15:50 - 2015-01-29 03:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-06 15:50 - 2015-01-29 02:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-04-06 15:50 - 2015-01-29 02:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-04-06 15:50 - 2015-01-29 02:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-04-06 15:50 - 2015-01-29 02:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-04-06 15:50 - 2015-01-28 04:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-04-06 15:50 - 2015-01-28 03:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-04-06 15:50 - 2015-01-27 06:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-06 15:50 - 2015-01-27 04:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-06 15:50 - 2014-12-19 08:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-06 15:50 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-06 15:50 - 2014-12-13 23:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-04-06 15:50 - 2014-10-29 03:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-06 15:50 - 2014-10-29 03:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-06 15:50 - 2014-10-29 03:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-06 15:50 - 2014-10-29 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-06 15:50 - 2014-10-29 03:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-06 15:50 - 2014-10-29 03:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-06 15:49 - 2015-04-06 15:49 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-06 15:49 - 2015-04-06 15:49 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-06 15:49 - 2015-02-05 22:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-04-06 15:49 - 2015-02-03 02:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-04-06 15:49 - 2015-02-03 02:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-04-06 15:49 - 2015-01-30 05:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-04-06 15:49 - 2015-01-30 04:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-04-06 15:49 - 2015-01-30 04:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-04-06 15:49 - 2015-01-30 04:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-04-06 15:49 - 2015-01-30 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-04-06 15:49 - 2015-01-30 03:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-04-06 15:49 - 2015-01-30 03:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-04-06 15:49 - 2015-01-30 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-04-06 15:49 - 2015-01-30 03:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-04-06 15:49 - 2015-01-30 03:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-04-06 15:49 - 2015-01-30 03:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-04-06 15:49 - 2015-01-30 03:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-04-06 15:49 - 2015-01-30 03:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-04-06 15:49 - 2015-01-30 03:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-04-06 15:49 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-04-06 15:49 - 2014-12-12 04:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-06 15:49 - 2014-12-06 05:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-04-06 15:49 - 2014-12-06 03:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-06 15:46 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-06 15:46 - 2015-02-21 02:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-04-06 15:46 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-06 15:46 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-06 15:46 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-06 15:46 - 2015-02-20 04:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-04-06 15:46 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-06 15:46 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-06 15:46 - 2015-02-20 03:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-04-06 15:46 - 2015-02-20 03:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-06 15:46 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-06 15:46 - 2015-02-20 03:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-04-06 15:46 - 2015-02-20 03:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-04-06 15:46 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-06 15:46 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-06 15:46 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-06 15:46 - 2015-01-12 03:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-06 15:46 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-06 15:46 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-06 15:45 - 2015-04-06 15:45 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\AVAST Software
2015-04-06 15:45 - 2014-10-31 00:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-04-06 15:45 - 2014-10-31 00:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-06 15:44 - 2015-04-06 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-06 15:43 - 2015-05-02 12:48 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-06 15:43 - 2015-05-02 12:48 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-06 15:43 - 2015-03-03 15:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-06 15:43 - 2015-02-12 19:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-06 15:43 - 2015-02-12 19:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-06 15:43 - 2015-02-08 01:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-04-06 15:43 - 2015-02-08 01:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-04-06 15:43 - 2015-01-29 20:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-06 15:43 - 2015-01-29 20:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-06 15:43 - 2015-01-28 03:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-06 15:43 - 2015-01-28 03:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-06 15:43 - 2015-01-28 01:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-04-06 15:43 - 2015-01-28 01:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-04-06 15:43 - 2014-12-11 07:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-04-06 15:43 - 2014-12-08 21:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-04-06 15:43 - 2014-12-08 21:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-06 15:43 - 2014-12-08 21:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-04-06 15:43 - 2014-12-08 21:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-04-06 15:43 - 2014-12-08 21:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-04-06 15:43 - 2014-12-08 21:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-06 15:43 - 2014-12-08 21:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-04-06 15:43 - 2014-12-08 21:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-04-06 15:43 - 2014-12-06 03:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-04-06 15:43 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-06 15:43 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-06 15:42 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-04-06 15:42 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-06 15:41 - 2015-04-06 15:41 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-06 15:39 - 2015-04-06 15:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-06 15:38 - 2015-04-07 20:38 - 00000000 ____D () C:\Program Files\Intel
2015-04-06 15:38 - 2015-04-07 20:38 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-06 15:38 - 2015-04-06 15:38 - 00000000 ____D () C:\Intel
2015-04-06 15:38 - 2013-10-01 13:02 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-04-06 15:38 - 2013-10-01 13:02 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2015-04-06 15:36 - 2015-05-02 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-06 15:36 - 2015-04-09 07:45 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-06 15:36 - 2015-04-06 15:36 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\Mozilla
2015-04-06 15:36 - 2015-04-06 15:36 - 00000000 ____D () C:\Users\alexandre\AppData\Local\Mozilla
2015-04-06 15:36 - 2015-04-06 15:36 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-06 15:35 - 2015-04-06 15:35 - 00000000 __SHD () C:\Users\alexandre\AppData\Local\EmieUserList
2015-04-06 15:35 - 2015-04-06 15:35 - 00000000 __SHD () C:\Users\alexandre\AppData\Local\EmieSiteList
2015-04-06 15:35 - 2015-04-06 15:35 - 00000000 __SHD () C:\Users\alexandre\AppData\Local\EmieBrowserModeList
2015-04-06 15:35 - 2015-04-06 15:35 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\Macromedia
2015-04-06 15:34 - 2015-04-06 16:01 - 00000000 ____D () C:\ProgramData\HP
2015-04-04 22:22 - 2015-04-06 16:08 - 00000000 ____D () C:\Windows\Panther
2015-04-04 21:37 - 2015-05-02 14:05 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-49093684-1653668079-1334754271-1001
2015-04-04 21:32 - 2015-04-09 08:40 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-04 21:32 - 2015-04-04 21:32 - 00001458 _____ () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-04 21:32 - 2015-04-04 21:32 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\Adobe
2015-04-04 21:31 - 2015-04-13 03:58 - 00000000 ____D () C:\Users\alexandre
2015-04-04 21:31 - 2015-04-11 19:32 - 00000000 ____D () C:\Users\alexandre\AppData\Local\Packages
2015-04-04 21:31 - 2015-04-04 21:31 - 00000020 ___SH () C:\Users\alexandre\ntuser.ini
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Voisinage réseau
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Voisinage d'impression
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Modèles
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Menu Démarrer
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Documents\Mes vidéos
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Documents\Mes images
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\Documents\Ma musique
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 _SHDL () C:\Users\alexandre\AppData\Local\Historique
2015-04-04 21:31 - 2015-04-04 21:31 - 00000000 ____D () C:\Users\alexandre\AppData\Local\VirtualStore
2015-04-04 21:31 - 2014-11-21 07:56 - 00000000 ___RD () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-04 21:31 - 2014-11-21 07:56 - 00000000 ___RD () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-04 21:31 - 2014-11-21 07:56 - 00000000 ___RD () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-04 21:31 - 2014-11-21 00:55 - 00000369 _____ () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-04 21:31 - 2014-11-21 00:55 - 00000369 _____ () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-04 21:31 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-04 21:30 - 2015-05-02 14:11 - 01906067 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Public\Documents\Mes vidéos
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Public\Documents\Mes images
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Public\Documents\Ma musique
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Voisinage réseau
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Voisinage d'impression
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Modèles
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Menu Démarrer
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Documents\Mes vidéos
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Documents\Mes images
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\Documents\Ma musique
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historique
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes vidéos
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default User\Documents\Mes images
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default User\Documents\Ma musique
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historique
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\ProgramData\Modèles
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\ProgramData\Menu Démarrer
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\ProgramData\Bureau
2015-04-04 21:28 - 2015-04-04 21:28 - 00000000 _SHDL () C:\Program Files\Fichiers communs
2015-04-04 21:26 - 2015-04-04 21:26 - 00000000 __SHD () C:\Recovery
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 14:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-02 13:38 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 13:35 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-02 12:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-02 12:49 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-23 17:27 - 2014-11-21 00:46 - 02081596 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 17:27 - 2014-11-21 00:03 - 01039132 _____ () C:\Windows\system32\perfh00C.dat
2015-04-23 17:27 - 2014-11-21 00:03 - 00241544 _____ () C:\Windows\system32\perfc00C.dat
2015-04-23 17:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-23 13:48 - 2014-11-21 00:42 - 02473472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-04-23 13:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-04-23 13:48 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-04-16 14:37 - 2014-11-05 15:16 - 00027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-04-16 03:17 - 2013-05-13 00:27 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-04-14 05:03 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-14 05:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-14 03:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 01:49 - 2013-12-10 08:13 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-14 01:49 - 2013-12-10 08:13 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-14 01:49 - 2013-12-10 08:13 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-14 01:49 - 2013-12-10 08:13 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-14 01:49 - 2013-12-10 08:12 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-12 14:16 - 2012-11-06 01:20 - 00092624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110u.dll
2015-04-12 14:16 - 2012-11-06 01:20 - 00073680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc110esn.dll
2015-04-09 08:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-09 08:37 - 2015-03-16 17:35 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2015-04-09 08:37 - 2015-03-16 17:35 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2015-04-09 08:37 - 2015-03-16 17:35 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-04-09 08:24 - 2013-08-22 08:57 - 01975000 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2015-04-09 02:58 - 2013-12-10 08:13 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 22:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-07 20:37 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-07 20:36 - 2012-10-01 10:51 - 00363328 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfManager.sys
2015-04-07 20:36 - 2012-10-01 10:51 - 00229184 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevProc.sys
2015-04-07 20:36 - 2012-10-01 10:51 - 00185728 _____ (Intel Corporation) C:\Windows\SysWOW64\DptfInvalidPolicyRemover.exe
2015-04-07 20:36 - 2012-10-01 10:51 - 00107328 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevDram.sys
2015-04-07 20:36 - 2012-10-01 10:51 - 00096576 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevPch.sys
2015-04-07 20:36 - 2012-10-01 10:51 - 00064832 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevGen.sys
2015-04-07 20:36 - 2012-10-01 10:51 - 00042816 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevFan.sys
2015-04-07 20:36 - 2012-10-01 10:51 - 00037760 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyLpmService.exe
2015-04-07 20:36 - 2012-10-01 10:51 - 00031616 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyConfigTDPService.exe
2015-04-07 20:36 - 2012-10-01 10:51 - 00031104 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyCriticalService.exe
2015-04-07 20:36 - 2012-10-01 10:51 - 00030080 _____ (Intel Corporation) C:\Windows\system32\DptfParticipantProcessorService.exe
2015-04-07 20:36 - 2012-10-01 10:51 - 00023360 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyLpmDll.dll
2015-04-07 20:36 - 2012-10-01 10:51 - 00022912 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
2015-04-07 20:36 - 2012-10-01 10:51 - 00022336 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyConfigTDPDll.dll
2015-04-07 20:36 - 2012-10-01 10:51 - 00016704 _____ () C:\Windows\system32\DptfCoInstaller.dll
2015-04-07 20:36 - 2012-10-01 10:51 - 00004362 _____ () C:\Windows\SysWOW64\DptfInvalidPolicyRemover.ini
2015-04-07 20:35 - 2012-12-07 14:45 - 00652344 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-04-07 20:31 - 2012-11-20 09:57 - 00062848 _____ (ASUS Corporation) C:\Windows\system32\Drivers\AsusTP.sys
2015-04-07 20:17 - 2014-11-21 07:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-06 17:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-06 17:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-04-06 17:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2015-04-06 17:08 - 2013-08-14 03:42 - 03837440 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athwbx.sys
2015-04-06 17:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-06 16:58 - 2014-12-11 15:16 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-04-06 16:58 - 2014-12-11 15:16 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 72823296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-04-06 16:58 - 2014-12-11 15:15 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 04351960 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-04-06 16:58 - 2014-12-11 15:15 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 02797936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-04-06 16:58 - 2014-12-11 15:15 - 01289944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00961240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-04-06 16:58 - 2014-12-11 15:15 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-04-06 16:58 - 2014-12-11 15:14 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-04-06 15:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help
2015-04-06 15:40 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-04-04 22:22 - 2013-08-22 17:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-04-04 21:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-04 21:28 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-04-04 21:26 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\Recovery
 
==================== Files in the root of some directories =======
 
2015-04-06 17:05 - 2015-04-06 17:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-02 14:05
 
==================== End Of Log ============================


Edited by garcimore, 02 May 2015 - 09:20 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 07 May 2015 - 09:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575050 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:02 AM

Posted 24 May 2015 - 07:48 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi garcimore,
 
What are your current issues with the computer?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 garcimore

garcimore
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 24 May 2015 - 11:35 AM

Hi xXToffeeXx,

Thanks for your reply.

I have no current issues with my computer. But I have hardly used Windows; I am afraid to use Windows.

I do not think I am infected now.

I have a doubt about the Nvidia drivers: when I upgraded the Nvidia drivers after I reinstalled Windows, I saw three "ghost svchost" processes, i.e. processes without a name.

Maybe it is a problem because I do not use an administrator account, but a normal account.

Besides, rarely, I get a message when I open a program: "c:\Users\alexandre\Downloads\aswMBR.exe Le relais a reçu des données incorrectes" or "c:\Users\alexandre\AppData\Local\Microsoft\Wndows\WinX\Group3\01 -Command Prompt.ink  Non implémenté". Maybe it is simply a Windows bug.

In fact, when I was infected, there were sometimes "ghost svchost" processes. When there was one "ghost process", the process was "suspended", but when there were two or three "ghost processes", the processes used ports between 4000 and 6000. For example, when I used RogueKiller, RogueKiller saw the process as "bad", but nothing more. I noticed the bootstrap for RogueKiller was "Linux MBR code".

When the infection was "very" active (when I updated the VirtualBox add-ons in administrator mode, Firefox was very slow, my computer was very slow too, and a window appeared telling me that there was a problem with a 16-bit program), Nvidia did not work normally, and the "ghost processes" were launched at Windows startup. Comodo had a problem and I needed to restart Comodo; Comodo ran an analysis, without finding problems, and started. When Comodo did not work before the restart, I could not use TDSSKiller, RogueKiller and another security tool, because they loaded in memory only.

Sometimes the security tools worked, but they were very slow, and when I used RogueKiller, a BSOD "CRITICAL_STRUCTURE_CORRUPTION" appeared. I noticed that the bootstrap for RogueKiller was "Empty MBR code".

I now think I was infected by a bootkit, because when I reduced my partition for a backup partition, Nvidia proposed an update of the Nvidia drivers, without explanation. I thought that it was a fake Nvidia, because I saw many Nvidia files digitally signed with root certificates of two different firms. Moreover, when I reduced the Windows partition, a window with fsutil appeared, to check my partitions. A little partition of 1 MB was restored; I inquired about a file on this partition that was part of System Restore. I did not keep that partition; I formatted it as an ext4 partition. However, before this, when I used the malekal live CD, it wrote "Votre corbeille est endommagée, voulez vous la vider ?", but this did not appear when I was in Windows.

I saved the old MBR dump, and now, I ask myself questions about its legitimacy, when I watch the dump with a hexadecimal editor. I'm not an expert, but the dump was weird.

For information, the infection looks like the same Regin infection as Belgacom's, described by The Intercept (Regin-A in 64 bits).

Thanks


Edited by garcimore, 24 May 2015 - 11:43 AM.


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:02 AM

Posted 25 May 2015 - 03:06 PM

Hi garcimore,
 

For example, when I used RogueKiller, RogueKiller saw the process as "bad", but nothing more. I noticed the bootstrap for RogueKiller was "Linux MBR code".

Do you have the RogueKiller log? Did you have linux installed on the other operating system?
 

I saved the old MBR dump, and now, I ask myself questions about its legitimacy, when I watch the dump with a hexadecimal editor. I'm not an expert, but the dump was weird.

Where is the mbr dump?
 

I now think I was infected by a bootkit

Bootkits are wiped out if you wipe the disk properly.
 
In this current OS, are you having any problems?
 
xXToffeeXx~




#6 garcimore

garcimore
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 26 May 2015 - 10:58 AM

Hi xXToffeeXx~,

Thanks for your reply.

I now think I was infected by a bootkit

Bootkits are wiped out if you wipe the disk properly.

In this current OS, are you having any problems?

In this current OS, it seems I have no problems. I have a Windows partition and a Linux partition.

Before I wiped the disk, I also had Windows partitions and Linux partitions.

Sometimes I have some svchost processes without a name, and I have no explanation for that.

I think there is a relationship between the Nvidia update and the svchost processes without a name, because when Nvidia proposes a driver upgrade to me, svchost processes without a name appear.

Certainly a "false positive".

Moreover, I looked at the Wireshark logs, and there are none of the strange packets that I had before I wiped the disks (hard drive + SSD).

The old MBR dump is a backup I saved before I wiped the disks (hard drive + SSD), with a live CD.

Now the MBR is different, and I do not know whether you want the old MBR from before I wiped the disks, or the current MBR.

It is the same thing for RogueKiller. Do you want the current report or the old reports from before I wiped the disks?

I am sorry, I should have been more specific in my explanations.

Best regards


Edited by garcimore, 26 May 2015 - 10:59 AM.


#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:02 AM

Posted 27 May 2015 - 02:30 PM

Hi garcimore,
 

I think there is a relationship between the Nvidia update and the svchost processes without a name, because when Nvidia proposes a driver upgrade to me, svchost processes without a name appear.

This is definitely likely, as svchost is used to run services, so creating svchost to update a driver makes some sense.
 
Anything else I can help you with?
 
xXToffeeXx~




#8 garcimore

garcimore
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 30 May 2015 - 12:49 AM

Hi xXToffeeXx~,

Thanks for your reply.

I do not think my computer is infected, however not yet.

I have a doubt because of GrayFish, but in that case I will change my hard disk if I see the infection again.

I will disable SMB, because Regin seems to use it, and maybe deactivate virtualisation in the firmware.

Thank you very much xXToffeeXx~



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:02 AM

Posted 31 May 2015 - 01:20 PM

Hi garcimore,
 

I have a doubt because of GrayFish, but in that case I will change my hard disk if I see the infection again.

What do you mean by GrayFish?
 
xXToffeeXx~




#10 garcimore

garcimore
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 31 May 2015 - 03:36 PM

Hi xXToffeeXx~,

Thanks for the reply.

I have a doubt because of GrayFish, but in that case I will change my hard disk if I see the infection again.

What do you mean by GrayFish?

GrayFish is malware capable of reprogramming hard disk firmware for persistent infection.

For more information, there is an explanation from Securelist (PDF file).

The worst is that when I was infected, TDSSKiller, RogueKiller, GMER (to try to see hidden processes) and Avast detected nothing. Only MBAM pointed out something about rootkit detection to me, without being able to detect the infection.

Besides, I use a user account (not administrator), and I use USBFix to prevent USB infection.

For a computer with UEFI firmware, the boot process is normally different from that of computers with BIOS firmware, but the mechanism is more complicated to understand (for me) than for a computer that has BIOS firmware.

When I was infected, before the "low level wipe", I saw with RogueKiller, in three different reports at specific times, that the bootstrap and the MBR hash were not the same; maybe it is normal, maybe it is not normal.

When I was infected, I saw two versions of Java (in 64 bits), and it was weird, because I pay attention to these programs; maybe it was an accident, perhaps a careless mistake. But I had a Comodo alert about Java, in relation to servioo. Besides, a short time before, I had the LockScreenContentServer.exe program; before I detected the infection, I had some Comodo alerts, and I had "blacklisted" the program.

Best regards


Edited by garcimore, 31 May 2015 - 03:38 PM.
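
The posts above mention a saved MBR dump and RogueKiller reports whose bootstrap and MBR hash differed over time. As an added illustration (not part of any post in this thread, and not RogueKiller's own method), the following splits a 512-byte sector-0 dump into its standard regions and hashes each one separately, so a change caused by repartitioning can be told apart from a change in the boot code. It assumes the classic MBR layout, and the sample sectors are constructed for the demonstration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 440)     # bootstrap code area
DISK_SIG = slice(440, 444)    # 32-bit disk signature
PART_TABLE = slice(446, 510)  # four 16-byte partition entries


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector-0 dump into regions and hash each one."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for off in range(446, 510, 16):
        entry = sector[off:off + 16]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    sha = lambda data: hashlib.sha256(data).hexdigest()
    return {
        "valid": sector[510:512] == b"\x55\xaa",  # boot signature
        "protective_gpt": any(p["type"] == 0xEE for p in parts),
        "partitions": parts,
        "hash_sector": sha(sector),
        "hash_boot_code": sha(sector[BOOT_CODE]),
        "hash_disk_sig": sha(sector[DISK_SIG]),
        "hash_part_table": sha(sector[PART_TABLE]),
    }


def changed_regions(old: bytes, new: bytes) -> list:
    """Name the regions that differ between two sector-0 dumps."""
    a, b = parse_mbr(old), parse_mbr(new)
    keys = ("boot_code", "disk_sig", "part_table")
    return [k for k in keys if a["hash_" + k] != b["hash_" + k]]


def make_sample(boot_fill: int, ptype: int, lba_start: int, count: int) -> bytes:
    """Build a constructed (not real) sector 0 for the demonstration."""
    s = bytearray(SECTOR)
    s[BOOT_CODE] = bytes([boot_fill]) * 440
    s[DISK_SIG] = b"\x11\x22\x33\x44"
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, ptype, b"\0" * 3,
                             lba_start, count)
    s[510:512] = b"\x55\xaa"
    return bytes(s)


if __name__ == "__main__":
    before = make_sample(0x90, 0x07, 2048, 1_000_000)
    resized = make_sample(0x90, 0x07, 2048, 600_000)  # partition shrunk only
    print(changed_regions(before, resized), parse_mbr(resized)["partitions"])
```

A whole-sector hash changes whenever a partition is resized or the disk signature is rewritten; a difference in `boot_code` alone is the part worth comparing against a known-good boot sector.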




