Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scpace Eating Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 Soyz

Soyz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 05 June 2016 - 12:22 PM

Hi!

 

So I have an old space eating virus on my pc that McAfee can do nothing about. I said it's an old virus because I got it on my old pc some years ago and now I got it on my new pc from an old external drive. Nope, I'm nor proud of myself about that!

 

So this virus always take free spaces on my c drive. If I make space, he takes it. And I am supposed to have more than 600gb free space. I fixed it some months ago with combofix. Yes, combofix. I dunno why, but it worked. Now, its back, and the combofix scan can fix it for a couple of days before it come back.

 

Help me please! Sorry for the french part in the log! I dont know if I can do something about it.

 

Résultats d'analyse de  Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02
Exécuté par Soyz (administrateur) sur SOYZ-S-XPS (05-06-2016 12:45:14)
Exécuté depuis C:\Users\Soyz
Profils chargés: Soyz (Profils disponibles: Soyz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: FF)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Mozilla Corporation) X:\Program Files SSD\Mozilla Firefox\firefox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Focusrite\VRM Box\VRMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{D66934D6-0D22-B341-8677-521A26D47F2B}\YSearchUtilSVC.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6560968 2016-05-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [combofix] => C:\ComboFix\Combobatch.bat [8272 2016-06-05] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1118936 2016-04-28] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2009-10-14] (PC Tools)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [595616 2016-04-21] (Razer Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-05-31] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [combofix] => C:\ComboFix\CF17162.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] => 8
HKLM\...\Winlogon: [Userinit] C:\Windows\explorer.exe,
HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\Run: [dualmonitor] => C:\Program Files (x86)\Dual Monitor\DualMonitor.exe [478720 2013-02-18] (Cristi)
HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\Run: [Steam] => S:\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
Startup: C:\Users\Soyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitch.lnk [2016-03-13]
ShortcutTarget: AudioSwitch.lnk -> X:\Program Files SSD\AudioSwitch\AudioSwitch.exe ()

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
Tcpip\..\Interfaces\{34875BE2-1B58-4121-BC0C-0CF987712BC8}: [DhcpNameServer] 192.168.0.1 24.201.245.77 24.200.241.37
Tcpip\..\Interfaces\{3CA82BD3-BE8E-4808-9D0C-E8696D268693}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6E62AE81-45A3-4DCA-BA37-3D86F67FA3D5}: [DhcpNameServer] 192.168.0.1 24.200.241.37 24.202.72.13
Tcpip\..\Interfaces\{8DB02ED9-940E-4677-93E4-32D4C60589A7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2723613620-561514515-42565471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2723613620-561514515-42565471-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D040316-A855B9C56E1&form=CONBDF&conlogo=CT3335450&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE317B6F3-49A3-4B47-BB53-BB5499356CBA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D040316-A855B9C56E1&form=CONBDF&conlogo=CT3335450&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {C18DB5F8-C9C2-4F50-83FE-E86B871B8106} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=C011CA105D20160123&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQJSAtJJu&i=26
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {DB2E2910-35F3-4935-AD02-655EDA76870C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^CA&apn_uid=04DA797E-BA6C-4A55-80BB-F4CAF3024F56&apn_sauid=EE193C52-7D92-4C0B-8CB0-F13D4894558D
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-08-27] (DVDVideoSoft Ltd.)
BHO-x32: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> Pas de fichier
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
BHO-x32: Programme d’aide de l’Assistant de connexion au compte Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-08-27] (DVDVideoSoft Ltd.)
BHO-x32: PricePeep -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> Pas de fichier
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  Pas de fichier
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-04-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-04-28] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Soyz\AppData\Roaming\Mozilla\Firefox\Profiles\mghlapyn.default
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Pas de fichier]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @g2.com/iggweb3dupdater -> C:\Users\Soyz\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @g2.com/joyconnectshell -> C:\Users\Soyz\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Soyz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Soyz\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Soyz\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Pas de fichier]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-01-27]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-04-24]
FF Extension: Tab Mix Plus - C:\Users\Soyz\AppData\Roaming\Mozilla\Firefox\Profiles\mghlapyn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-05]
FF Extension: Google Translate in Menu (Right Click) - C:\Users\Soyz\AppData\Roaming\Mozilla\Firefox\Profiles\mghlapyn.default\Extensions\@google-translate-menu.xpi [2016-03-19]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-09-19] [non signé]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-06-03] [non signé]
StartMenuInternet: FIREFOX.EXE - X:\Program Files SSD\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://ca.search.yahoo.com/search?fr=mcafee&type=C211CA105D20160313&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-19]
CHR Extension: (Google Docs) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-19]
CHR Extension: (Google Drive) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-19]
CHR Extension: (YouTube) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-19]
CHR Extension: (Google Sheets) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-19]
CHR Extension: (SiteAdvisor) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-03-19]
CHR Extension: (Google Docs hors connexion) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (New tab for Chrome™) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2016-03-19]
CHR Extension: (DVDVideoSoft) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2016-03-19]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-19]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx <non trouvé(e)>
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22]
CHR HKU\S-1-5-21-2723613620-561514515-42565471-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-18]
CHR HKU\S-1-5-21-2723613620-561514515-42565471-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [paoponfhfdfnjgddpnpjkambkcgdaaib] - C:\Users\Soyz\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [aaaapkoadeoehimjeflihaofcfpbngen] - C:\Users\Soyz\AppData\Local\APN\GoogleCRXs\aaaapkoadeoehimjeflihaofcfpbngen_7.15.2.0.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-22]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-09-16]
CHR HKLM-x32\...\Chrome\Extension: [paoponfhfdfnjgddpnpjkambkcgdaaib] - C:\Users\Soyz\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx <non trouvé(e)>
StartMenuInternet: Google Chrome.57TLRBFH4ASDQ7TPFWG4JV77XM - C:\Users\Soyz\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [Fichier non signé]
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [247328 2013-01-02] (CyberLink)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [816816 2016-03-01] (FileZilla Project)
S3 GSService; C:\Windows\SysWOW64\GSService.exe [355112 2012-11-29] ()
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [Fichier non signé]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [Fichier non signé]
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2818888 2014-04-01] (CybelSoft)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-04-28] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2009-10-14] (PC Tools)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-05-31] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-19] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-22] (SafeNet, Inc.)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-22] (SafeNet, Inc.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 VRMService; C:\Program Files\Focusrite\VRM Box\VRMService.exe [194048 2011-02-04] () [Fichier non signé]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{D66934D6-0D22-B341-8677-521A26D47F2B}\YSearchUtilSvc.exe [160536 2015-10-14] (Yahoo Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [Fichier non signé]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [Fichier non signé]
S2 0069991464888355mcinstcleanup; C:\Windows\TEMP\006999~1.EXE -cleanup -nolog [X]

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [30056 2013-06-19] (Hide My IP)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [Fichier non signé]
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [Fichier non signé]
S3 RDID1102; C:\Windows\System32\Drivers\rdwm1102.sys [81920 2009-09-18] (Roland Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
R3 TuneConvertAudio; C:\Windows\System32\drivers\TuneConvertAudio.sys [34088 2012-11-30] (Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 vrm; C:\Windows\System32\DRIVERS\vrm.sys [238080 2011-02-04] (Focusrite Audio Engineering Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-05 12:45 - 2016-06-05 12:47 - 00034360 _____ C:\Users\Soyz\FRST.txt
2016-06-05 12:44 - 2016-06-05 12:45 - 00000000 ____D C:\FRST
2016-06-05 12:44 - 2016-06-05 12:44 - 02384896 _____ (Farbar) C:\Users\Soyz\FRST64.exe
2016-06-05 11:59 - 2016-06-05 12:13 - 00000000 ___SD C:\ComboFix
2016-06-04 21:39 - 2016-06-04 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
2016-06-04 21:32 - 2016-06-04 21:32 - 00000000 ___RD C:\Users\Soyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-06-04 21:14 - 2016-06-04 21:14 - 05659224 ____R (Swearware) C:\Users\Soyz\ComboFix.exe
2016-06-03 22:49 - 2016-06-04 18:13 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-06-02 13:40 - 2016-06-02 13:40 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-02 13:40 - 2016-06-02 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-02 13:40 - 2016-06-02 13:40 - 00000000 ____D C:\Program Files\iPod
2016-06-02 13:28 - 2016-06-02 13:28 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-05-20 15:13 - 2016-05-20 15:14 - 12441654 _____ C:\Users\Soyz\Documents\impots 2015.bmp
2016-05-19 09:02 - 2016-05-19 09:02 - 00084477 _____ C:\Users\Soyz\Documents\Intel i7 3770 compatible boards.pdf
2016-05-17 19:00 - 2016-05-17 19:00 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-15 22:17 - 2016-05-15 22:17 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00141280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00122704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-05-15 22:17 - 2016-05-15 22:17 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-05-15 22:14 - 2016-05-15 22:14 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-05-15 22:11 - 2016-05-15 22:11 - 27012096 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-05-15 22:05 - 2016-05-15 22:05 - 08655360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-05-15 22:01 - 2016-05-15 22:01 - 48616960 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-05-15 22:01 - 2016-05-15 22:01 - 06914048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-05-15 22:01 - 2016-05-15 22:01 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-05-15 22:00 - 2016-05-15 22:00 - 38098944 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-05-15 21:59 - 2016-05-15 21:59 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-15 21:59 - 2016-05-15 21:59 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-15 21:57 - 2016-05-15 21:57 - 27433472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-05-15 21:57 - 2016-05-15 21:57 - 21600768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-05-15 21:42 - 2016-05-15 21:42 - 30188032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-05-15 21:40 - 2016-05-15 21:40 - 00730112 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-05-15 21:39 - 2016-05-15 21:39 - 06965248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-05-15 21:39 - 2016-05-15 21:39 - 00605696 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-05-15 21:39 - 2016-05-15 21:39 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-05-15 21:39 - 2016-05-15 21:39 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-05-15 21:38 - 2016-05-15 21:38 - 00865280 _____ (AMD) C:\Windows\system32\coinst_16.20.dll
2016-05-15 21:38 - 2016-05-15 21:38 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-05-15 21:38 - 2016-05-15 21:38 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-05-15 21:35 - 2016-05-15 21:35 - 05643776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-05-15 21:35 - 2016-05-15 21:35 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-05-15 21:35 - 2016-05-15 21:35 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-05-15 21:35 - 2016-05-15 21:35 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-05-15 21:34 - 2016-05-15 21:34 - 24836096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 00711464 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-05-15 21:32 - 2016-05-15 21:32 - 00711464 _____ C:\Windows\system32\atiapfxx.blb
2016-05-15 21:32 - 2016-05-15 21:32 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-05-15 21:32 - 2016-05-15 21:32 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-05-15 21:32 - 2016-05-15 21:32 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-05-15 21:31 - 2016-05-15 21:31 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-05-15 21:30 - 2016-05-15 21:30 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-05-15 21:27 - 2016-05-15 21:27 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-05-15 21:27 - 2016-05-15 21:27 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-05-15 21:27 - 2016-05-15 21:27 - 00306688 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-05-15 21:27 - 2016-05-15 21:27 - 00274432 _____ C:\Windows\system32\dgtrayicon.exe
2016-05-15 21:27 - 2016-05-15 21:27 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-05-15 21:27 - 2016-05-15 21:27 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-05-15 21:27 - 2016-05-15 21:27 - 00230912 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-05-15 21:27 - 2016-05-15 21:27 - 00212480 _____ C:\Windows\system32\atieah64.exe
2016-05-15 21:27 - 2016-05-15 21:27 - 00202752 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-05-15 21:27 - 2016-05-15 21:27 - 00190464 _____ C:\Windows\SysWOW64\atieah32.exe
2016-05-15 21:27 - 2016-05-15 21:27 - 00093696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-05-15 21:25 - 2016-05-15 21:25 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-05-15 21:25 - 2016-05-15 21:25 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-05-15 21:25 - 2016-05-15 21:25 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00497664 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-05-15 21:24 - 2016-05-15 21:24 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-05-15 21:24 - 2016-05-15 21:24 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-05-15 21:22 - 2016-05-15 21:22 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-05-15 21:22 - 2016-05-15 21:22 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-05-13 00:44 - 2016-05-13 00:44 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-10 21:54 - 2016-05-12 23:30 - 00000000 ____D C:\Users\Soyz\Documents\Custom Pc Case
2016-05-10 16:24 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-10 16:24 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-10 16:24 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-10 16:24 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-10 16:24 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-10 16:24 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-10 16:24 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-10 16:24 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-10 16:24 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-10 16:24 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-10 16:24 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-10 16:24 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-10 16:24 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-10 16:24 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-10 16:24 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-10 16:24 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-10 16:24 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-10 16:24 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-10 16:24 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-10 16:24 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-10 16:24 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-10 16:24 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-10 16:24 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-10 16:24 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-10 16:24 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-10 16:24 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-10 16:24 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-10 16:24 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-10 16:24 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-10 16:24 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-10 16:24 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-10 16:24 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-10 16:24 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-10 16:24 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-10 16:24 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-10 16:24 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-10 16:24 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-10 16:24 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-10 16:24 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-10 16:24 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-10 16:24 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-10 16:24 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-10 16:24 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-10 16:24 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-10 16:24 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-10 16:24 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-10 16:24 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-10 16:24 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-10 16:24 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-10 16:24 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-10 16:24 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-10 16:24 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-10 16:24 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-10 16:24 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-10 16:24 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-10 16:24 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-10 16:24 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-10 16:24 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-10 16:24 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-10 16:24 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-10 16:24 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-10 16:24 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-10 16:24 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-10 16:24 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-10 16:24 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-10 16:24 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-10 16:24 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-10 16:24 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-10 16:24 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-10 16:24 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-10 16:24 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-10 16:24 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-10 16:24 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-10 16:24 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-10 16:24 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-10 16:24 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-10 16:24 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-10 16:24 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-10 16:24 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-10 16:24 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-10 16:24 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-10 16:24 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-10 16:24 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-10 16:24 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-10 16:24 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 16:24 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-10 16:24 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-10 16:24 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-10 16:24 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-10 16:24 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-10 16:24 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-10 16:24 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-10 16:24 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-10 16:24 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-10 16:24 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-10 16:24 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-10 16:24 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-10 16:24 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-10 16:24 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-10 16:24 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-10 16:24 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-10 16:24 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-10 16:24 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-05 12:45 - 2016-03-19 02:34 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-05 12:45 - 2012-08-27 20:10 - 00000000 ____D C:\Users\Soyz
2016-06-05 12:44 - 2012-09-15 21:03 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-05 12:30 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-05 12:30 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-05 12:21 - 2016-03-13 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-06-05 12:16 - 2016-03-19 02:34 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-05 12:15 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-05 12:14 - 2009-07-13 22:34 - 47710208 _____ C:\Windows\system32\config\components.bak
2016-06-05 12:14 - 2009-07-13 22:34 - 39845888 _____ C:\Windows\system32\config\system.bak
2016-06-05 12:14 - 2009-07-13 22:34 - 158597120 _____ C:\Windows\system32\config\software.bak
2016-06-05 12:14 - 2009-07-13 22:34 - 06291456 _____ C:\Windows\system32\config\default.bak
2016-06-05 12:14 - 2009-07-13 22:34 - 00065536 _____ C:\Windows\system32\config\sam.bak
2016-06-05 12:14 - 2009-07-13 22:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2016-06-05 12:13 - 2016-03-11 20:10 - 00000000 ____D C:\Windows\erdnt
2016-06-05 12:08 - 2016-03-13 05:52 - 00000000 ____D C:\Users\Soyz\AppData\Local\CrashDumps
2016-06-05 11:59 - 2016-03-11 20:12 - 00000000 ____D C:\Qoobox
2016-06-05 01:26 - 2014-02-26 02:13 - 00000591 _____ C:\Windows\Tasks\Geek Tech Tool Box_sch_1410234E-9EAD-11E3-8814-E006E67F2306.job
2016-06-04 21:39 - 2016-03-10 21:35 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\PlaysTV
2016-06-04 21:33 - 2014-06-24 11:09 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\Raptr
2016-06-04 21:32 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-06-04 21:09 - 2016-03-13 05:48 - 00000000 ____D C:\Users\Soyz\AppData\Local\Apps\2.0
2016-06-04 18:00 - 2014-01-25 12:36 - 00000458 _____ C:\Windows\Tasks\Geek Tech Registration3.job
2016-06-04 02:04 - 2016-03-14 21:03 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\TS3Client
2016-06-04 00:00 - 2016-03-26 23:22 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-06-03 19:57 - 2016-03-12 23:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 21:01 - 2014-08-02 14:52 - 00003422 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-06-02 13:40 - 2015-03-07 20:28 - 00000000 ____D C:\Program Files\iTunes
2016-06-02 13:40 - 2012-09-22 17:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-02 13:40 - 2012-08-28 15:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-02 13:39 - 2012-08-27 20:58 - 00000000 ____D C:\ProgramData\McAfee
2016-06-02 13:38 - 2012-08-27 20:58 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-06-02 13:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-02 13:25 - 2012-08-27 20:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-01 01:13 - 2014-01-25 12:35 - 00000414 _____ C:\Windows\Tasks\Geek Tech Update3.job
2016-05-30 16:43 - 2013-10-06 08:34 - 00000000 ____D C:\Users\Soyz\Documents\Cartes de temps
2016-05-30 02:54 - 2016-03-13 03:14 - 00072664 _____ C:\Users\Soyz\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-26 03:03 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 03:03 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-17 23:23 - 2015-11-30 13:42 - 00004238 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-17 19:00 - 2016-03-30 20:31 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-17 19:00 - 2015-11-30 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-05-17 18:44 - 2014-06-24 11:06 - 00000000 ____D C:\Program Files\AMD
2016-05-17 18:42 - 2012-09-01 21:56 - 00000000 ____D C:\AMD
2016-05-17 18:17 - 2016-03-15 00:34 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\SoftGrid Client
2016-05-15 22:17 - 2012-07-27 22:15 - 01241296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-05-15 22:17 - 2012-07-27 22:13 - 01510144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-05-15 22:17 - 2012-07-27 22:07 - 08873608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-05-15 22:17 - 2012-07-27 21:51 - 10689528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-05-15 22:17 - 2012-07-27 21:13 - 00166488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-05-15 22:17 - 2012-07-27 21:13 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-05-15 22:17 - 2012-07-27 21:13 - 00137136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-05-15 22:17 - 2012-07-27 21:13 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-05-15 22:16 - 2015-12-04 13:44 - 09798560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-05-15 22:16 - 2015-12-04 13:44 - 08577456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-05-15 22:16 - 2012-07-28 00:09 - 06999496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-05-15 22:16 - 2012-07-27 21:32 - 08865344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-05-15 21:27 - 2016-03-21 09:49 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-05-15 21:24 - 2015-12-04 12:43 - 01304576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-05-13 00:44 - 2012-09-15 21:03 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 00:44 - 2012-09-15 21:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 00:44 - 2012-09-15 21:03 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 18:06 - 2016-03-19 02:35 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 03:04 - 2014-12-11 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-11 07:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-10 20:53 - 2014-12-23 16:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-10 20:40 - 2016-03-19 02:34 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 20:40 - 2016-03-19 02:34 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 17:11 - 2012-08-28 00:02 - 00829584 _____ C:\Windows\system32\perfh00C.dat
2016-05-10 17:11 - 2012-08-28 00:02 - 00180842 _____ C:\Windows\system32\perfc00C.dat
2016-05-10 17:11 - 2009-07-14 01:13 - 01889114 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-10 17:05 - 2009-07-14 00:45 - 04849232 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-10 17:01 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 16:56 - 2013-07-12 03:04 - 00000000 ____D C:\Windows\system32\MRT
2016-05-10 16:35 - 2012-08-30 00:28 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 15:57 - 2016-04-23 21:25 - 00000000 ____D C:\Users\Soyz\AppData\Local\ContraptionMaker
2016-05-10 15:57 - 2016-04-17 23:32 - 00000000 ____D C:\Users\Soyz\AppData\Local\Warframe
2016-05-10 15:57 - 2016-04-17 22:07 - 00000000 ____D C:\Users\Soyz\Downloads\idle_master
2016-05-10 15:57 - 2016-03-20 00:38 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\HpUpdate
2016-05-10 15:57 - 2013-01-26 19:47 - 00000000 ____D C:\Windows\Minidump
2016-05-10 15:57 - 2013-01-22 23:55 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\.minecraft
2016-05-07 19:39 - 2016-04-12 01:51 - 00001986 _____ C:\Users\Soyz\Desktop\                           .lnk
2016-05-07 19:28 - 2013-12-24 11:28 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2016-05-06 21:54 - 2014-04-11 22:27 - 00000000 ____D C:\Users\Soyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Fichiers à la racine de certains dossiers =======

2016-05-05 22:32 - 2016-05-05 22:32 - 0169426 _____ () C:\Users\Soyz\AppData\Local\recently-used.xbel
2016-04-04 02:43 - 2016-04-04 20:06 - 0007597 _____ () C:\Users\Soyz\AppData\Local\Resmon.ResmonCfg
2014-02-05 16:07 - 2014-02-05 16:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-10-27 16:41 - 2012-10-27 16:41 - 0004943 _____ () C:\ProgramData\mtbjfghn.xbe
2014-06-19 21:39 - 2014-06-19 21:39 - 0010375 _____ () C:\ProgramData\regid.2008-04.com.caricaturesoft_4ECD9E60-F79E-481F-B428-F04A7E9EF846.swidtag

Fichiers à déplacer ou supprimer:
====================
C:\Users\Soyz\ComboFix.exe
C:\Users\Soyz\FRST64.exe


==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-05-10 20:12

==================== Fin de FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:24 AM

Posted 06 June 2016 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these applications via the Control Panel > Programs > Programs and Features applet.

Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
jZip (HKLM-x32\...\jZip) (Version: - Bandoo Media Inc.) <==== ATTENTION
système de mise à jour de Ask Toolbar Updater (HKU\S-1-5-21-2723613620-561514515-42565471-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.44892 - Ask.com) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
===

Do you need to run explorer at logon.
HKLM\...\Winlogon: [Userinit] C:\Windows\explorer.exe,
You can disable it using the MSCONFIG tool.
---

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [combofix] => C:\ComboFix\Combobatch.bat [8272 2016-06-05] ()
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [combofix] => C:\ComboFix\CF17162.3XE /c C:\ComboFixCombobatch.bat
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2723613620-561514515-42565471-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D040316-A855B9C56E1&form=CONBDF&conlogo=CT3335450&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE317B6F3-49A3-4B47-BB53-BB5499356CBA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D040316-A855B9C56E1&form=CONBDF&conlogo=CT3335450&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6PQJSAtJJu&i=26
SearchScopes: HKU\S-1-5-21-2723613620-561514515-42565471-1000 -> {DB2E2910-35F3-4935-AD02-655EDA76870C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=^NY&apn_dtid=^YYYYYY^YY^CA&apn_uid=04DA797E-BA6C-4A55-80BB-F4CAF3024F56&apn_sauid=EE193C52-7D92-4C0B-8CB0-F13D4894558D
BHO-x32: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> Pas de fichier
BHO-x32: PricePeep -> {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -> Pas de fichier
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  Pas de fichier
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @g2.com/iggweb3dupdater -> C:\Users\Soyz\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @g2.com/joyconnectshell -> C:\Users\Soyz\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Soyz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Soyz\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Pas de fichier]
FF Plugin HKU\S-1-5-21-2723613620-561514515-42565471-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Soyz\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Pas de fichier]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox => non trouvé(e)
CHR Extension: (New tab for Chrome) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2016-03-19]
CHR Extension: (DVDVideoSoft) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2016-03-19]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx <non trouvé(e)>
CHR HKU\S-1-5-21-2723613620-561514515-42565471-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-18]
CHR HKU\S-1-5-21-2723613620-561514515-42565471-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [paoponfhfdfnjgddpnpjkambkcgdaaib] - C:\Users\Soyz\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [aaaapkoadeoehimjeflihaofcfpbngen] - C:\Users\Soyz\AppData\Local\APN\GoogleCRXs\aaaapkoadeoehimjeflihaofcfpbngen_7.15.2.0.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx <non trouvé(e)>
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-09-16]
CHR HKLM-x32\...\Chrome\Extension: [paoponfhfdfnjgddpnpjkambkcgdaaib] - C:\Users\Soyz\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx <non trouvé(e)>
StartMenuInternet: Google Chrome.57TLRBFH4ASDQ7TPFWG4JV77XM - C:\Users\Soyz\AppData\Local\Google\Chrome\Application\chrome.exe
S2 0069991464888355mcinstcleanup; C:\Windows\TEMP\006999~1.EXE -cleanup -nolog [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {8C3225D5-1FFB-42FE-83B1-1D9D5D3F9D3E} - System32\Tasks\Geek Tech Tool Box_sch_1410234E-9EAD-11E3-8814-E006E67F2306 => C:\Program Files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe [2014-01-30] (Geek Tech) <==== ATTENTION
Task: {D89745EB-BBD4-4CFD-B00B-BAA18744521C} - System32\Tasks\Geek Tech Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\Geek Tech\UUS3\UUS3.dll" RunUns
Task: C:\Windows\Tasks\Geek Tech Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\Geek Tech\UUS3\UUS3.dll
Task: C:\Windows\Tasks\Geek Tech Tool Box_sch_1410234E-9EAD-11E3-8814-E006E67F2306.job => C:\Program Files (x86)\Geek Tech\Geek Tech Tool Box\geektechtoolbox.exe <==== ATTENTION
Task: C:\Windows\Tasks\Geek Tech Update3.job => C:\Program Files (x86)\Common Files\Geek Tech\UUS3\Update3.exe
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [302]
AlternateDataStreams: C:\Users\Soyz\Documents\atome crochu.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Soyz\Documents\atome crochu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Soyz\Documents\atti.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\Soyz\Documents\atti.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
C:\Users\Soyz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Let me know if the problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:24 AM

Posted 12 June 2016 - 07:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users