Computer Very Very Slow !



#1
Tips2013


    New Member

  • Member
  • Pip
  • 9 posts
Hello, I use Windows 7 and my internet is very, very slow!

I need an expert to analyze my computer please and clean my system.
  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), and note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.



Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.




Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => right click and Run as Admin.) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0
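
The findstr step in the post above keeps only the [SR] lines of CBS.log. The following added example (not part of the original post or of any tool named in it) shows one way a helper could triage a pasted junk.txt. The sample log lines, file names and component names are constructed, and the message wording is assumed to follow the usual Windows 7 CBS.log format.

```python
import re
from collections import OrderedDict

# Constructed sample of [SR] lines in the shape sfc /scannow writes to CBS.log.
# Not taken from the thread: file, component and package names are placeholders.
SAMPLE_JUNK_TXT = r'''
2013-09-13 05:01:12, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2013-09-13 05:01:12, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-09-13 05:01:19, Info                  CSI    0000000c [SR] Verify complete
2013-09-13 05:03:40, Info                  CSI    000001a2 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-Name, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-09-13 05:03:41, Info                  CSI    000001a4 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component-Name, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-09-13 05:03:41, Info                  CSI    000001a5 [SR] This component was referenced by [l:46{23}]"Package_for_KB0000000_x"
2013-09-13 05:04:02, Info                  CSI    000001b0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2013-09-13 05:05:30, Info                  CSI    000001c3 [SR] Repair complete
'''

# One CBS.log record: timestamp, level, "CSI", 8-hex-digit sequence, [SR] message.
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$')

# "Cannot repair member file [l:..]"name" of Component, ..., <reason>"
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+),')

# "Repairing corrupted file [..]"\??\dir"\[..]"name" from store"
REPAIRING = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<file>[^"]+)"'
    r' from store')


def triage_sr_lines(text):
    """Summarise [SR] records: what sfc could not repair and what it repaired.

    sfc usually logs the same failure more than once, so entries are
    de-duplicated while keeping first-seen order.
    """
    unrepaired = OrderedDict()   # (file, component) -> reason given by sfc
    repaired = []                # full paths restored from the component store
    sr_lines = 0

    for raw in text.splitlines():
        record = SR_LINE.match(raw.strip())
        if not record:
            continue             # blank lines or anything that is not an [SR] record
        sr_lines += 1
        msg = record.group('msg')

        hit = CANNOT_REPAIR.match(msg)
        if hit:
            # The reason is the last comma-separated field, e.g. "hash mismatch".
            reason = msg.rsplit(', ', 1)[-1]
            unrepaired.setdefault((hit.group('file'), hit.group('component')), reason)
            continue

        hit = REPAIRING.match(msg)
        if hit:
            # Drop the NT object-manager prefix \??\ to get a normal path.
            directory = hit.group('dir').replace('\\??\\', '', 1)
            path = directory + '\\' + hit.group('file')
            if path not in repaired:
                repaired.append(path)

    if unrepaired:
        verdict = 'needs manual repair'
    elif repaired:
        verdict = 'repaired by sfc'
    else:
        verdict = 'no integrity violations logged'

    return {'sr_lines': sr_lines, 'unrepaired': unrepaired,
            'repaired': repaired, 'verdict': verdict}


if __name__ == '__main__':
    result = triage_sr_lines(SAMPLE_JUNK_TXT)
    print('[SR] records:', result['sr_lines'])
    print('Verdict:', result['verdict'])
    for (name, component), reason in result['unrepaired'].items():
        print('  cannot repair: %s (%s): %s' % (name, component, reason))
    for path in result['repaired']:
        print('  repaired:', path)
```
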

#3
Tips2013


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-13 04:35:45
-----------------------------
04:35:45.416 OS Version: Windows 6.1.7601 Service Pack 1
04:35:45.416 Number of processors: 2 586 0x2A07
04:35:45.418 ComputerName: PHILOU-ORDI UserName:
04:35:48.374 Initialize success
04:36:10.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:36:10.360 Disk 0 Vendor: WDC_WD7500BPVT-22HXZT3 01.01A01 Size: 715404MB BusType: 3
04:36:10.474 Disk 0 MBR read successfully
04:36:10.480 Disk 0 MBR scan
04:36:10.486 Disk 0 Windows 7 default MBR code
04:36:10.492 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
04:36:10.509 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715052 MB offset 718848
04:36:10.514 Disk 0 scanning sectors +1465145344
04:36:10.584 Disk 0 scanning C:\Windows\system32\drivers
04:36:13.925 Service scanning
04:36:18.296 Service MpKslbc0c2675 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66E0E584-9702-437E-B580-D50DF754BE4B}\MpKslbc0c2675.sys **LOCKED** 32
04:36:24.057 Modules scanning
04:36:32.949 Scan finished successfully
04:36:41.718 Disk 0 MBR has been saved successfully to "C:\Users\philoubreizh\Desktop\MBR.dat"
04:36:41.723 The log file has been saved successfully to "C:\Users\philoubreizh\Desktop\aswMBR.txt"
  • 0

#4
Tips2013


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Ultimate x86
Ran by philoubreizh on 13/09/2013 at 4:32:49,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\philoubreizh\appdata\local\adawarebp"



~~~ FireFox

Emptied folder: C:\Users\philoubreizh\AppData\Roaming\mozilla\firefox\profiles\curveajc.default\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/09/2013 at 4:34:19,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#5
Tips2013


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
# AdwCleaner v3.003 - Rapport créé le 13/09/2013 à 04:26:29
# Mis à jour le 07/09/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nom d'utilisateur : philoubreizh - PHILOU-ORDI
# Exécuté depuis : C:\Users\philoubreizh\Desktop\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (fr)

[ Fichier : C:\Users\philoubreizh\AppData\Roaming\Mozilla\Firefox\Profiles\curveajc.default\prefs.js ]


[ Fichier : C:\Users\philoubreizh\AppData\Roaming\Mozilla\Firefox\Profiles\lnibdjb4.default\prefs.js ]


*************************

AdwCleaner[R2].txt - [936 octets] - [13/09/2013 04:25:53]
AdwCleaner[S2].txt - [858 octets] - [13/09/2013 04:26:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [917 octets] ##########
  • 0

#6
Tips2013


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Summary
Operating System
Windows 7 Édition Intégrale 32-bit SP1
CPU
Intel Pentium B960 @ 2.20GHz 46 °C
Sandy Bridge 32nm Technology
RAM
4,00 Go Single-Channel DDR3 @ 665MHz (9-9-9-24)
Motherboard
Packard Bell EG50_HC_HR (U3E1)
Graphics
Moniteur Plug-and-Play générique ([email protected])
Intel HD Graphics (Acer Incorporated [ALI])
Hard Drives
699GB Western Digital WDC WD7500BPVT-22HXZT3 ATA Device (SATA) 35 °C
Optical Drives
Slimtype DVD A DS8A9SH ATA Device
Audio
Périphérique High Definition Audio
Operating System
Windows 7 Édition Intégrale 32-bit SP1
Computer type: Notebook
Installation Date: 01/09/2013 08:27:32
Serial Number: ***********************
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Enabled
Windows Update
AutoUpdate Disabled
Windows Defender
Windows Defender Disabled
Antivirus
Antivirus Enabled
Company Name Microsoft
Display Name Microsoft Security Essentials
Product Version 4.3.216.0
Virus Signature Database Up to date
.NET Frameworks installed
v2.0 SP2
Internet Explorer
Version 10.0.9200.16660
PowerShell
Version 2.0
Environment Variables
USERPROFILE C:\Users\philoubreizh
SystemRoot C:\Windows
User Variables
TEMP C:\Users\philoubreizh\AppData\Local\Temp
TMP C:\Users\philoubreizh\AppData\Local\Temp
PATH
Machine Variables
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE x86
TEMP C:\Windows\TEMP
TMP C:\Windows\TEMP
USERNAME SYSTEM
windir C:\Windows
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 2
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER x86 Family 6 Model 42 Stepping 7, GenuineIntel
PROCESSOR_REVISION 2a07
windows_tracing_flags 3
Battery
AC Line Online
Battery Charge % Unknown
Battery State No Battery
Remaining Battery Time Unknown
Power Profile
Active power scheme Usage normal
Hibernation Enabled
Turn Off Monitor after: (On AC Power) Never
Turn Off Monitor after: (On Battery Power) Never
Turn Off Hard Disk after: (On AC Power) 20 min
Turn Off Hard Disk after: (On Battery Power) 10 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) Never
Screen saver Disabled
Uptime
Current Session
Current Time 13/09/2013 04:41:46
Current Uptime 896 sec (0 d, 00 h, 14 m, 56 s)
Last Boot Time 13/09/2013 04:26:50
TimeZone
TimeZone GMT +1:00 Hours
Language Français (France)
Location France
Format Français (France)
Currency €
Date Format dd/MM/yyyy
Time Format HH:mm:ss
Process List
audiodg.exe
Process ID 1008
User SERVICE LOCAL
Domain AUTORITE NT
Memory Usage 14 MB
Peak Memory Usage 14 MB
conhost.exe
Process ID 1500
User Système
Domain AUTORITE NT
Path C:\Windows\system32\conhost.exe
Memory Usage 2,11 MB
Peak Memory Usage 2,11 MB
csrss.exe
Process ID 348
User Système
Domain AUTORITE NT
Path C:\Windows\system32\csrss.exe
Memory Usage 3,22 MB
Peak Memory Usage 34 MB
csrss.exe
Process ID 400
User Système
Domain AUTORITE NT
Path C:\Windows\system32\csrss.exe
Memory Usage 22 MB
Peak Memory Usage 40 MB
dllhost.exe
Process ID 2972
User philoubreizh
Domain PHILOU-ORDI
Path C:\Windows\system32\DllHost.exe
Memory Usage 5,25 MB
Peak Memory Usage 5,25 MB
dwm.exe
Process ID 1452
User philoubreizh
Domain PHILOU-ORDI
Path C:\Windows\system32\Dwm.exe
Memory Usage 36 MB
Peak Memory Usage 46 MB
explorer.exe
Process ID 3324
User philoubreizh
Domain PHILOU-ORDI
Path C:\Windows\explorer.exe
Memory Usage 36 MB
Peak Memory Usage 39 MB
firefox.exe
Process ID 3772
User philoubreizh
Domain PHILOU-ORDI
Path C:\Program Files\Mozilla Firefox\firefox.exe
Memory Usage 330 MB
Peak Memory Usage 342 MB
FlashPlayerPlugin_11_8_800_94.exe
Process ID 3372
User philoubreizh
Domain PHILOU-ORDI
Path C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
Memory Usage 8,90 MB
Peak Memory Usage 8,91 MB
FlashPlayerPlugin_11_8_800_94.exe
Process ID 824
User philoubreizh
Domain PHILOU-ORDI
Path C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
Memory Usage 39 MB
Peak Memory Usage 47 MB
lsass.exe
Process ID 512
User Système
Domain AUTORITE NT
Path C:\Windows\system32\lsass.exe
Memory Usage 7,10 MB
Peak Memory Usage 7,12 MB
lsm.exe
Process ID 520
User Système
Domain AUTORITE NT
Path C:\Windows\system32\lsm.exe
Memory Usage 2,85 MB
Peak Memory Usage 2,90 MB
MsMpEng.exe
Process ID 792
User Système
Domain AUTORITE NT
Path c:\Program Files\Microsoft Security Client\MsMpEng.exe
Memory Usage 69 MB
Peak Memory Usage 385 MB
msseces.exe
Process ID 364
User philoubreizh
Domain PHILOU-ORDI
Path C:\Program Files\Microsoft Security Client\msseces.exe
Memory Usage 31 MB
Peak Memory Usage 32 MB
NisSrv.exe
Process ID 2264
User SERVICE LOCAL
Domain AUTORITE NT
Path c:\Program Files\Microsoft Security Client\NisSrv.exe
Memory Usage 4,25 MB
Peak Memory Usage 7,96 MB
plugin-container.exe
Process ID 3432
User philoubreizh
Domain PHILOU-ORDI
Path C:\Program Files\Mozilla Firefox\plugin-container.exe
Memory Usage 17 MB
Peak Memory Usage 17 MB
SbieCtrl.exe
Process ID 392
User philoubreizh
Domain PHILOU-ORDI
Path C:\Program Files\Sandboxie\SbieCtrl.exe
Memory Usage 8,97 MB
Peak Memory Usage 8,97 MB
SbieSvc.exe
Process ID 1168
User Système
Domain AUTORITE NT
Path C:\Program Files\Sandboxie\SbieSvc.exe
Memory Usage 3,27 MB
Peak Memory Usage 3,29 MB
services.exe
Process ID 504
User Système
Domain AUTORITE NT
Path C:\Windows\system32\services.exe
Memory Usage 9,04 MB
Peak Memory Usage 9,79 MB
smss.exe
Process ID 256
User Système
Domain AUTORITE NT
Path \SystemRoot\System32\smss.exe
Memory Usage 824 KB
Peak Memory Usage 844 KB
Speccy.exe
Process ID 1988
User philoubreizh
Domain PHILOU-ORDI
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 20 MB
Peak Memory Usage 21 MB
sppsvc.exe
Process ID 1964
User SERVICE RÉSEAU
Domain AUTORITE NT
Path C:\Windows\system32\sppsvc.exe
Memory Usage 6,14 MB
Peak Memory Usage 6,62 MB
svchost.exe
Process ID 1604
User SERVICE LOCAL
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 13 MB
Peak Memory Usage 26 MB
svchost.exe
Process ID 624
User Système
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 7,11 MB
Peak Memory Usage 7,47 MB
svchost.exe
Process ID 704
User SERVICE RÉSEAU
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 5,75 MB
Peak Memory Usage 5,76 MB
svchost.exe
Process ID 872
User SERVICE LOCAL
Domain AUTORITE NT
Path C:\Windows\System32\svchost.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
svchost.exe
Process ID 904
User Système
Domain AUTORITE NT
Path C:\Windows\System32\svchost.exe
Memory Usage 13 MB
Peak Memory Usage 13 MB
svchost.exe
Process ID 928
User Système
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 37 MB
Peak Memory Usage 41 MB
svchost.exe
Process ID 1096
User SERVICE LOCAL
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 7,12 MB
Peak Memory Usage 7,12 MB
svchost.exe
Process ID 1300
User SERVICE RÉSEAU
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 10 MB
Peak Memory Usage 11 MB
svchost.exe
Process ID 2416
User SERVICE LOCAL
Domain AUTORITE NT
Path C:\Windows\system32\svchost.exe
Memory Usage 3,94 MB
Peak Memory Usage 3,97 MB
svchost.exe
Process ID 2940
User SERVICE LOCAL
Domain AUTORITE NT
Path C:\Windows\System32\svchost.exe
Memory Usage 5,07 MB
Peak Memory Usage 5,07 MB
System
Process ID 4
Memory Usage 788 KB
Peak Memory Usage 5,91 MB
System Idle Process
Process ID 0
taskhost.exe
Process ID 1744
User philoubreizh
Domain PHILOU-ORDI
Path C:\Windows\system32\taskhost.exe
Memory Usage 10 MB
Peak Memory Usage 10 MB
wininit.exe
Process ID 408
User Système
Domain AUTORITE NT
Path C:\Windows\system32\wininit.exe
Memory Usage 3,32 MB
Peak Memory Usage 3,40 MB
winlogon.exe
Process ID 456
User Système
Domain AUTORITE NT
Path C:\Windows\system32\winlogon.exe
Memory Usage 5,27 MB
Peak Memory Usage 6,70 MB
wlanext.exe
Process ID 1492
User Système
Domain AUTORITE NT
Path C:\Windows\system32\WLANExt.exe
Memory Usage 3,95 MB
Peak Memory Usage 3,98 MB
WmiPrvSE.exe
Process ID 3680
User Système
Domain AUTORITE NT
Path C:\Windows\system32\wbem\WmiPrvSE.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
WmiPrvSE.exe
Process ID 472
User SERVICE RÉSEAU
Domain AUTORITE NT
Path C:\Windows\system32\wbem\WmiPrvSE.exe
Memory Usage 8,75 MB
Peak Memory Usage 8,81 MB
wmpnetwk.exe
Process ID 340
User SERVICE RÉSEAU
Domain AUTORITE NT
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 1,96 MB
Peak Memory Usage 9,53 MB
Scheduler
13/09/2013 05:23; Adobe Flash Player Updater
14/09/2013 08:39; RealPlayerRealUpgradeScheduledTaskS-1-5-21-1484982223-3793710775-4053577855-1000
CCleanerSkipUAC
RealPlayerRealUpgradeLogonTaskS-1-5-21-1484982223-3793710775-4053577855-1000
SidebarExecute
Hotfixes
13/09/2013 Mise à jour des définitions pour Microsoft Security Essentials – KB2310138 (Définition 1.157.1826.0)
Installez cette mise à jour pour actualiser les fichiers de définition
utilisés pour détecter les virus, les logiciels espions et autres
programmes potentiellement indésirables. Une fois l'installation
effectuée, aucune suppression ne sera possible.
12/09/2013 Mise à jour des définitions pour Microsoft Security Essentials – KB2310138 (Définition 1.157.1739.0)
Installez cette mise à jour pour actualiser les fichiers de définition
utilisés pour détecter les virus, les logiciels espions et autres
programmes potentiellement indésirables. Une fois l'installation
effectuée, aucune suppression ne sera possible.
10/09/2013 Mise à jour des définitions pour Microsoft Security Essentials – KB2310138 (Définition 1.157.1635.0)
Installez cette mise à jour pour actualiser les fichiers de définition
utilisés pour détecter les virus, les logiciels espions et autres
programmes potentiellement indésirables. Une fois l'installation
effectuée, aucune suppression ne sera possible.
09/09/2013 Mise à jour des définitions pour Microsoft Security Essentials – KB2310138 (Définition 1.157.1515.0)
Installez cette mise à jour pour actualiser les fichiers de définition
utilisés pour détecter les virus, les logiciels espions et autres
programmes potentiellement indésirables. Une fois l'installation
effectuée, aucune suppression ne sera possible.
09/09/2013 Mise à jour des définitions pour Microsoft Security Essentials – KB2310138 (Définition 1.157.1515.0)
Installez cette mise à jour pour actualiser les fichiers de définition
utilisés pour détecter les virus, les logiciels espions et autres
programmes potentiellement indésirables. Une fois l'installation
effectuée, aucune suppression ne sera possible.
08/09/2013 Mise à jour des définitions pour Microsoft Security Essentials – KB2310138 (Définition 1.157.1462.0)
Installez cette mise à jour pour actualiser les fichiers de définition
utilisés pour détecter les virus, les logiciels espions et autres
programmes potentiellement indésirables. Une fois l'installation
effectuée, aucune suppression ne sera possible.
System Folders
Path for burning CD C:\Users\philoubreizh\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\philoubreizh\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\_OTL\MovedFiles\09082013_093745\C_Users\PHILOU~1\AppData\Roaming\MICROS~1\Windows\Cookies
Desktop C:\Users\philoubreizh\Desktop
Physical Desktop C:\Users\philoubreizh\Desktop
User Favorites C:\Users\philoubreizh\Favorites
Fonts C:\Windows\Fonts
Internet History C:\Users\philoubreizh\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\philoubreizh\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\philoubreizh\AppData\Local
Windows Directory C:\Windows
Windows/System C:\Windows\system32
Program Files C:\Program Files
Services
Running Alimentation
Running Appel de procédure distante (RPC)
Running Audio Windows
Running Centre de sécurité
Running Client de stratégie de groupe
Running Client de suivi de lien distribué
Running Client DHCP
Running Client DNS
Running Connaissance des emplacements réseau
Running Connexions réseau
Running Découverte SSDP
Running Détection matériel noyau
Running Emplacement protégé
Running Expérience d’application
Running Fichiers hors connexion
Running Gestionnaire de comptes de sécurité
Running Gestionnaire de sessions du Gestionnaire de fenêtrage
Running Gestionnaire d’identité réseau homologue
Running Générateur de points de terminaison du service Audio Windows
Running Hôte système de diagnostics
Running Informations d’application
Running Infrastructure de gestion Windows
Running Inspection du réseau Microsoft
Running Isolation de clé CNG
Running Journal d’événements Windows
Running Lanceur de processus serveur DCOM
Running Mappeur de point de terminaison RPC
Running Microsoft Antimalware Service
Running Modules de génération de clés IKE et AuthIP
Running Moteur de filtrage de base
Running Pare-feu Windows
Running Planificateur de classes multimédias
Running Planificateur de tâches
Running Plug-and-Play
Running Protection logicielle
Running Protocole EAP (Extensible Authentication Protocol)
Running Protocole PNRP
Running Sandboxie Service
Running Service de configuration automatique WLAN
Running Service de découverte automatique de Proxy Web pour les services HTTP Windows
Running Service de notification d’événements système
Running Service de profil utilisateur
Running Service de stratégie de diagnostic
Running Service de transfert intelligent en arrière-plan
Running Service hôte WDIServiceHost
Running Service Interface du magasin réseau
Running Service Liste des réseaux
Running Service Partage réseau du Lecteur Windows Media
Running Services de chiffrement
Running Station de travail
Running Système d’événement COM+
Running Thèmes
Running Windows Driver Foundation - Infrastructure de pilote mode-utilisateur
Running Windows Update
Stopped Accès du périphérique d'interface utilisateur
Stopped Acquisition d’image Windows (WIA)
Stopped Adobe Flash Player Update Service
Stopped Agent de protection d’accès réseau
Stopped Agent de stratégie IPsec
Stopped Application système COM+
Stopped Assistance IP
Stopped Assistance NetBIOS sur TCP/IP
Stopped BranchCache
Stopped Brillance adaptative
Stopped Carte de performance WMI
Stopped Carte à puce
Stopped Cliché instantané des volumes
Stopped Collecteur d’événements de Windows
Stopped Configuration automatique de réseau câblé
Stopped Configuration des services Bureau à distance
Stopped Coordinateur de transactions distribuées
Stopped Disque virtuel
Stopped Défragmenteur de disque
Stopped Détection de services interactifs
Stopped Explorateur d’ordinateurs
Stopped Expérience audio-vidéo haute qualité Windows
Stopped Fournisseur de cliché instantané de logiciel Microsoft
Stopped Fournisseur HomeGroup
Stopped Gestion des clés et des certificats d’intégrité
Stopped Gestion d’applications
Stopped Gestion à distance de Windows (Gestion WSM)
Stopped Gestionnaire de connexion automatique d’accès distant
Stopped Gestionnaire de connexions d’accès distant
Stopped Gestionnaire d’informations d’identification
Stopped Groupement de mise en réseau de pairs
Stopped Hôte de périphérique UPnP
Stopped Hôte du fournisseur de découverte de fonctions
Stopped Identité de l’application
Stopped Intel Content Protection HECI Service
Stopped Intel Integrated Clock Controller Service - Intel ICCS
Stopped Interruption SNMP
Stopped Journaux & alertes de performance
Stopped Localisateur d’appels de procédure distante (RPC)
Stopped Ma-Config Agent
Stopped Mappage de découverte de topologie de la couche de liaison
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Netlogon
Stopped Ouverture de session secondaire
Stopped Parental Controls
Stopped Partage de connexion Internet (ICS)
Stopped Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration
Stopped Programme d’installation ActiveX (AxInstSV)
Stopped Programme d’installation pour les modules Windows
Stopped Propagation du certificat
Stopped Publication des ressources de découverte de fonctions
Stopped Redirecteur de port du mode utilisateur des services Bureau à distance
Stopped Registre à distance
Stopped Routage et accès distant
Stopped Sauvegarde Windows
Stopped Serveur
Stopped Serveur de priorités des threads
Stopped Service de biométrie Windows
Stopped Service de cache de police Windows
Stopped Service de chiffrement de lecteur BitLocker
Stopped Service de configuration automatique WWAN
Stopped Service de la passerelle de la couche Application
Stopped Service de l’Assistant Compatibilité des programmes
Stopped Service de moteur de sauvegarde en mode bloc
Stopped Service de notification SPP
Stopped Service de prise en charge Bluetooth
Stopped Service de publication des noms d’ordinateurs PNRP
Stopped Service de rapport d’erreurs Windows
Stopped Service Initiateur iSCSI de Microsoft
Stopped Service KtmRm pour Distributed Transaction Coordinator
Stopped Service Panneau de saisie Tablet PC
Stopped Service Énumérateur d’appareil mobile
Stopped Services Bureau à distance
Stopped Services de base de module de plateforme sécurisée
Stopped Service SSTP (Secure Socket Tunneling Protocol)
Stopped Spouleur d’impression
Stopped Stratégie de retrait de la carte à puce
Stopped Superfetch
Stopped Système de couleurs Windows
Stopped Système de fichiers EFS (Encrypting File System)
Stopped Temps Windows
Stopped Téléphonie
Stopped WebClient
Stopped Windows Connect Now - Registre de configuration
Stopped Windows Defender
Stopped Windows Installer
Stopped Windows Search
Stopped Écouteur HomeGroup
Stopped Énumérateur de bus IP PnP-X
Security Options
Accès réseau : chemins et sous-chemins de Registre accessibles à distance System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
Accès réseau : les autorisations spécifiques des utilisateurs appartenant au groupe Tout le monde s’appliquent aux utilisateurs anonymes Désactivé
Accès réseau : les canaux nommés qui sont accessibles de manière anonyme
Accès réseau : les chemins de Registre accessibles à distance System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
Accès réseau : les partages qui sont accessibles de manière anonyme Non défini
Accès réseau : modèle de partage et de sécurité pour les comptes locaux Classique - les utilisateurs locaux s’authentifient eux-mêmes
Accès réseau : ne pas autoriser l’énumération anonyme des comptes et partages SAM Désactivé
Accès réseau : ne pas autoriser l’énumération anonyme des comptes SAM Activé
Accès réseau : Permet la traduction de noms/SID anonymes Désactivé
Accès réseau : restreindre l’accès anonyme aux canaux nommés et aux partages Activé
Accès réseau : ne pas autoriser le stockage de mots de passe et d’informations d’identification pour l’authentification du réseau Désactivé
Arrêt : effacer le fichier d’échange de mémoire virtuelle Désactivé
Arrêt : permet au système d’être arrêté sans avoir à se connecter Activé
Audit : arrêter immédiatement le système s’il n’est pas possible de se connecter aux audits de sécurité Désactivé
Audit : auditer l’accès des objets système globaux Désactivé
Audit : auditer l’utilisation des privilèges de sauvegarde et de restauration Désactivé
Audit : force les paramètres de sous-catégorie de stratégie d’audit (Windows Vista ou version ultérieure) à se substituer aux paramètres de catégorie de stratégie d’audit Non défini
Chiffrement système : utilisez des algorithmes compatibles FIPS pour le chiffrement, le hachage et la signature Désactivé
Client réseau Microsoft : communications signées numériquement (lorsque le serveur l’accepte) Activé
Client réseau Microsoft : communications signées numériquement (toujours) Désactivé
Client réseau Microsoft : envoyer un mot de passe non chiffré aux serveurs SMB tierce partie Désactivé
Comptes : renommer le compte administrateur Administrateur
Comptes : renommer le compte Invité Invité
Comptes : restreindre l’utilisation de mots de passe vides par le compte local à l’ouverture de session console Activé
Comptes : statut du compte Administrateur Désactivé
Comptes : statut du compte Invité Désactivé
Connexion interactive : afficher les informations relatives à l’utilisateur lorsque la session est verrouillée Non défini
Console de récupération : autoriser l’ouverture de session d’administration automatique Désactivé
Console de récupération : autoriser la copie de disquettes et l’accès à tous les lecteurs et dossiers Désactivé
Contrôle de compte d’utilisateur : mode Approbation administrateur pour le compte Administrateur intégré Désactivé
Contrôle de compte d’utilisateur : passer au Bureau sécurisé lors d’une demande d’élévation Activé
Contrôle de compte d’utilisateur : autoriser les applications UIAccess à demander l’élévation sans utiliser le bureau sécurisé Désactivé
Contrôle de compte d’utilisateur : comportement de l’invite d’élévation pour les administrateurs en mode d’approbation Administrateur Demande de consentement pour les binaires non Windows
Contrôle de compte d’utilisateur : comportement de l’invite d’élévation pour les utilisateurs standard Demande d’informations d’identification
Contrôle de compte d’utilisateur : détecter les installations d’applications et demander l’élévation Activé
Contrôle de compte d’utilisateur : élever uniquement les applications UIAccess installées à des emplacements sécurisés Activé
Contrôle de compte d’utilisateur : élever uniquement les exécutables signés et validés Désactivé
Contrôle de compte d’utilisateur : exécuter les comptes d’administrateurs en mode d’approbation d’administrateur Activé
Contrôle de compte d’utilisateur : virtualiser les échecs d’écritures de fichiers et de Registre dans des emplacements définis par utilisateur Activé
Contrôleur de domaine : conditions requises pour la signature de serveur LDAP Non défini
Contrôleur de domaine : permettre aux opérateurs du serveur de planifier des tâches Non défini
Contrôleur de domaine : refuser les modifications de mot de passe du compte ordinateur Non défini
Cryptographie système : force une protection forte des clés utilisateur enregistrées sur l’ordinateur Non défini
DCOM : Restrictions d’accès à un ordinateur au format du langage SDDL (Security Descriptor Definition Language) Non défini
DCOM : Restrictions de démarrage d’ordinateur au format du langage SDDL (Security Descriptor Definition Language) Non défini
Membre de domaine : ancienneté maximale du mot de passe du compte ordinateur 30 jours
Membre de domaine : chiffrer numériquement les données des canaux sécurisés (lorsque cela est possible) Activé
Membre de domaine : chiffrer ou signer numériquement les données des canaux sécurisés (toujours) Activé
Membre de domaine : désactive les modifications de mot de passe du compte ordinateur Désactivé
Membre de domaine : nécessite une clé de session forte (Windows 2000 ou ultérieur) Activé
Membre de domaine : signer numériquement les données des canaux sécurisés (lorsque cela est possible) Activé
Objets système : les différences entre majuscules et minuscules ne doivent pas être prises en compte pour les sous-systèmes autres que Windows Activé
Objets système : renforcer les autorisations par défaut des objets système internes (comme les liens de symboles) Activé
Ouverture de session interactive : carte à puce nécessaire Désactivé
Ouverture de session interactive : comportement lorsque la carte à puce est retirée Aucune action
Ouverture de session interactive : contenu du message pour les utilisateurs essayant de se connecter
Ouverture de session interactive : ne pas afficher le dernier nom d’utilisateur Désactivé
Ouverture de session interactive : ne pas demander la combinaison de touches Ctrl+Alt+Suppr. Non défini
Ouverture de session interactive : nécessite l’authentification par le contrôleur de domaine pour le déverrouillage de la station de travail. Désactivé
Ouverture de session interactive : prévenir l’utilisateur qu’il doit changer son mot de passe avant qu’il n’expire 5 jours
Ouverture de session interactive : titre du message pour les utilisateurs essayant de se connecter
Ouvertures de sessions interactives : nombre d’ouvertures de sessions précédentes réalisées en utilisant le cache (lorsqu’aucun contrôleur de domaine n’est disponible) 10 Ouvertures de session
Paramètres système : Sous-systèmes optionnels Posix
Paramètres système : utiliser les règles de certificat avec les exécutables Windows pour les stratégies de restriction logicielle Désactivé
Périphériques : autoriser l’accès au CD-ROM uniquement aux utilisateurs ayant ouvert une session localement Non défini
Périphériques : autoriser le retrait sans ouverture de session préalable Activé
Périphériques : empêcher les utilisateurs d’installer des pilotes d’imprimante Désactivé
Périphériques : ne permettre l’accès aux disquettes qu’aux utilisateurs connectés localement Non défini
Périphériques : permettre le formatage et l’éjection des supports amovibles Non défini
Sécurité réseau : conditions requises pour la signature de client LDAP Négociation des signatures
Sécurité réseau : forcer la fermeture de session quand les horaires de connexion expirent Désactivé
Sécurité réseau : ne pas stocker de valeurs de hachage de niveau LAN Manager sur la prochaine modification de mot de passe Activé
Sécurité réseau : niveau d’authentification LAN Manager Non défini
Sécurité réseau : sécurité de session minimale pour les clients basés sur NTLM SSP (y compris RPC sécurisé) Exiger un niveau de chiffrement à 128 bits
Sécurité réseau : sécurité de session minimale pour les serveurs basés sur NTLM SSP (y compris RPC sécurisé) Exiger un niveau de chiffrement à 128 bits
Sécurité réseau : Autoriser le retour à des sessions NULL avec SystèmeLocal Non défini
Sécurité réseau : Autoriser les demandes d’authentification PKU2U auprès de cet ordinateur pour utiliser les identités en ligne Non défini
Sécurité réseau : Autoriser Système local à utiliser l’identité de l’ordinateur pour NTLM Non défini
Sécurité réseau : Configurer les types de chiffrement autorisés pour Kerberos Non défini
Sécurité réseau : Restreindre NTLM : Ajouter des exceptions de serveurs dans ce domaine Non défini
Sécurité réseau : Restreindre NTLM : Ajouter des exceptions de serveurs distants pour l’authentification NTLM Non défini
Sécurité réseau : Restreindre NTLM : Auditer l’authentification NTLM dans ce domaine Non défini
Sécurité réseau : Restreindre NTLM : Auditer le trafic NTLM entrant Non défini
Sécurité réseau : Restreindre NTLM : Authentification NTLM dans ce domaine Non défini
Sécurité réseau : Restreindre NTLM : Trafic NTLM entrant Non défini
Sécurité réseau : Restreindre NTLM : Trafic NTLM sortant vers des serveurs distants Non défini
Serveur réseau Microsoft : communications signées numériquement (lorsque le serveur l’accepte) Désactivé
Serveur réseau Microsoft : communications signées numériquement (toujours) Désactivé
Serveur réseau Microsoft : déconnecter les clients à l’expiration du délai de la durée de session Activé
Serveur réseau Microsoft : durée d’inactivité avant la suspension d’une session 15 minutes
Serveur réseau Microsoft : niveau de validation du nom de la cible de serveur SPN Non défini
Device Tree
PC avec processeur x86 ACPI
Système compatible ACPI Microsoft
Intel Pentium CPU B960 @ 2.20GHz
Intel Pentium CPU B960 @ 2.20GHz
Carte système
Ressources de la carte mère
Bouton de fonctionnalité définie ACPI
Bus PCI
2nd Generation Intel Core Processor Family DRAM Controller - 0104
Unknown Device
Intel 7 Series/C216 Chipset Family SMBus Host Controller - 1E22
Interface de gestion Microsoft Windows pour ACPI
Interface de gestion Microsoft Windows pour ACPI
Ressources de la carte mère
Intel® HD Graphics
Moniteur Plug-and-Play générique
Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Concentrateur USB racine
Generic USB Hub
Périphérique USB composite
HD WebCam
Contrôleur audio haute définition
Périphérique High Definition Audio
Son Intel pour écrans
Intel® 7 Series/C216 Chipset Family PCI Express Root Port 1 - 1E10
Contrôleur Ethernet
Contrôleur hôte numérique sécurisé compatible SDA
Périphérique système de base
Périphérique système de base
Intel® 7 Series/C216 Chipset Family PCI Express Root Port 2 - 1E12
Carte réseau Broadcom 802.11n
Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Concentrateur USB racine
Generic USB Hub
Périphérique d’entrée USB
Souris HID
Intel® HM70 Express Chipset LPC Controller - 1E5E
Clavier standard PS/2
Souris compatible PS/2
Contrôleur d’accès direct en mémoire
Périphérique concentrateur à microprogramme Intel 82802
Compteur d’événement de haute précision
Contrôleur d’interruptions programmable
Coprocesseur arithmétique
Ressources de la carte mère
Horloge système CMOS/temps réel
Horloge système
Ressources de la carte mère
Contrôleur embarqué compatible ACPI Microsoft
Batterie à méthode de contrôle compatible ACPI Microsoft
Adaptateur secteur Microsoft
Bouton marche-arrêt ACPI
Couvercle ACPI
Bouton veille ACPI
Intel® 7 Series/C216 Chipset Family 4 port Serial ATA Storage Controller - 1E01
ATA Channel 1
ATA Channel 0
WDC WD7500BPVT-22HXZT3 ATA Device
Slimtype DVD A DS8A9SH ATA Device
Intel® 7 Series/C216 Chipset Family 2 port Serial ATA Storage Controller - 1E09
ATA Channel 0
ATA Channel 1
CPU
Intel Pentium B960
Cores 2
Threads 2
Name Intel Pentium B960
Code Name Sandy Bridge
Package Socket 988B rPGA
Technology 32nm
Specification Intel Pentium CPU B960 @ 2.20GHz
Family 6
Extended Family 6
Model A
Extended Model 2A
Stepping 7
Revision D2
Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, Intel 64, NX
Virtualization Not supported
Hyperthreading Supported, Disabled
Bus Speed 99,8 MHz
Stock Core Speed 2200 MHz
Stock Bus Speed 100 MHz
Average Temperature 46 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2 x 256 KBytes
L3 Unified Cache Size 2048 KBytes
Core 0
Core Speed 1496,8 MHz
Multiplier x 15,0
Bus Speed 99,8 MHz
Temperature 47 °C
Thread 1
APIC ID 0
Core 1
Core Speed 798,3 MHz
Multiplier x 8,0
Bus Speed 99,8 MHz
Temperature 44 °C
Thread 1
APIC ID 2
RAM
Memory slots
Total memory slots 4
Used memory slots 1
Free memory slots 3
Memory
Type DDR3
Size 4096 MBytes
Channels # Single
DRAM Frequency 665,3 MHz
CAS# Latency (CL) 9 clocks
RAS# to CAS# Delay (tRCD) 9 clocks
RAS# Precharge (tRP) 9 clocks
Cycle Time (tRAS) 24 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 38 %
Total Physical 2,58 GB
Available Physical 1,58 GB
Total Virtual 5,16 GB
Available Virtual 4,14 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR3
Size 4096 MBytes
Manufacturer Samsung
Max Bandwidth PC3-10700 (667 MHz)
Part Number M471B5273DH0-CH9
Serial Number E1BE60ED
Week/year 23 / 12
SPD Ext. EPP
JEDEC #5
Frequency 685,7 MHz
CAS# Latency 9,0
RAS# To CAS# 10
RAS# Precharge 10
tRAS 25
tRC 34
Voltage 1,500 V
JEDEC #4
Frequency 609,5 MHz
CAS# Latency 8,0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1,500 V
JEDEC #3
Frequency 533,3 MHz
CAS# Latency 7,0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1,500 V
JEDEC #2
Frequency 457,1 MHz
CAS# Latency 6,0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1,500 V
JEDEC #1
Frequency 381,0 MHz
CAS# Latency 5,0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 14
tRC 19
Voltage 1,500 V
Motherboard
Manufacturer Packard Bell
Model EG50_HC_HR (U3E1)
Version V2.15
Chipset Vendor Intel
Chipset Model Sandy Bridge
Chipset Revision 09
Southbridge Vendor Intel
Southbridge Model ID1E5E
Southbridge Revision 04
BIOS
Brand Insyde Corp.
Version V2.15
Date 11/03/2013
PCI Data
Slot PCI-E x16
Slot Type PCI-E x16
Slot Usage Available
Data lanes x16
Slot Designation J5C1
Characteristics PME, Hot Plug
Slot Number 0
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage Available
Data lanes x1
Slot Designation J6C1
Characteristics PME, Hot Plug
Slot Number 1
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage Available
Data lanes x1
Slot Designation J6C2
Characteristics PME, Hot Plug
Slot Number 2
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage Available
Data lanes x1
Slot Designation J6D2
Characteristics PME, Hot Plug
Slot Number 3
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage Available
Data lanes x1
Slot Designation J7C1
Characteristics PME, Hot Plug
Slot Number 4
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage Available
Data lanes x1
Slot Designation J7D2
Characteristics PME, Hot Plug
Slot Number 5
Slot PCI-E x1
Slot Type PCI-E x1
Slot Usage Available
Data lanes x1
Slot Designation J8C1
Characteristics PME, Hot Plug
Slot Number 6
Slot PCI-E x16
Slot Type PCI-E x16
Slot Usage Available
Data lanes x16
Slot Designation J8C2
Characteristics PME, Hot Plug
Slot Number 7
Graphics
Monitor
Name Moniteur Plug-and-Play générique on Intel HD Graphics
Current Resolution 1366x768 pixels
Work Resolution 1366x728 pixels
State Enabled, Primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Intel HD Graphics
Manufacturer Intel
Model HD Graphics
Device ID 8086-0106
Revision A
Subvendor Acer Incorporated [ALI] (1025)
Current Performance Level Level 0
Driver version 9.17.10.3062
Count of performance levels : 1
Level 1
Hard Drives
WDC WD7500BPVT-22HXZT3 ATA Device
Manufacturer Western Digital
Form Factor GB/2.5-inch
Heads 16
Cylinders 16 383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
Serial Number WD-WXG1C1214989
LBA Size 48-bit LBA
Power On Count 784 times
Power On Time 81,2 days
Speed 5400 RPM
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 699 GB
Real size 750 156 374 016 bytes
RAID Type None
S.M.A.R.T
Status Good
Temperature 35 °C
Temperature Range OK (less than 50 °C)
01 Read Error Rate 200 (200) Data 0000000000
03 Spin-Up Time 183 (176) Data 000000073A
04 Start/Stop Count 091 (091) Data 00000025FD
05 Reallocated Sectors Count 200 (200) Data 0000000000
07 Seek Error Rate 200 (200) Data 0000000000
09 Power-On Hours (POH) 098 (098) Data 000000079D
0A Spin Retry Count 100 (100) Data 0000000000
0B Recalibration Retries 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 0000000310
BF G-sense error rate 001 (001) Data 0000000279
C0 Power-off Retract Count 200 (200) Data 00000001B5
C1 Load/Unload Cycle Count 090 (090) Data 00000513F1
C2 Temperature 112 (101) Data 0000000023
C4 Reallocation Event Count 200 (200) Data 0000000000
C5 Current Pending Sector Count 200 (200) Data 0000000000
C6 Uncorrectable Sector Count 100 (253) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
C8 Write Error Rate / Multi-Zone Error Rate 100 (253) Data 0000000000
Partition 0
Partition ID Disk #0, Partition #0
Size 350 Mo
Partition 1
Partition ID Disk #0, Partition #1
Disk Letter C:
File System NTFS
Volume Serial Number 48D7F90B
Size 698 GB
Used Space 18,1 GB (3%)
Free Space 680 GB (97%)
Optical Drives
Slimtype DVD A DS8A9SH ATA Device
Media Type DVD Writer
Name Slimtype DVD A DS8A9SH ATA Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Read capabilities CD-R, CD-RW, CD-ROM, DVD-RAM, DVD-ROM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Write capabilities CD-R, CD-RW, DVD-RAM, DVD-R, DVD-RW, DVD+R, DVD+RW, DVD-R DL, DVD+R DL
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 0
SCSI Target Id 1
Status OK
Audio
Sound Cards
Périphérique High Definition Audio
Son Intel pour écrans
Playback Device
Haut-parleurs (2- Périphérique High Definition Audio)
Recording Device
Microphone (2- Périphérique High Definition Audio)
Peripherals
Clavier standard PS/2
Device Kind Keyboard
Device Name Clavier standard PS/2
Vendor (Claviers standard)
Location Branché dans le port clavier
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
Souris HID
Device Kind Mouse
Device Name Souris HID
Vendor Logitech
Location Périphérique d’entrée USB
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\mouhid.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
Souris compatible PS/2
Device Kind Mouse
Device Name Souris compatible PS/2
Vendor Microsoft
Location branché dans le port souris PS/2
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
Périphérique vidéo USB
Device Kind Camera/scanner
Device Name Périphérique vidéo USB
Vendor Unknown
Comment HD WebCam
Location 0000.001a.0000.001.003.000.000.000.000
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\drivers\usbvideo.sys
Printers
Network
You are connected to the internet
Connected through Carte réseau Broadcom 802.11n
IP Address 92.23.162.23
Subnet mask 255.0.0.0
Gateway server 92.23.162.126
Preferred DNS server 109.0.66.10
Alternate DNS server 109.0.66.20
DHCP Disabled
External IP Address 93.23.160.96
Adapter Type IEEE 802.11 wireless
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 Bps
Computer Name
NetBIOS Name PHILOU-ORDI
DNS Name philou-Ordi
Membership Part of workgroup
Workgroup WORKGROUP
Remote Desktop
Disabled
Console
State Active
Domain PHILOU-ORDI
WinInet Info
Connexion réseau
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 3
Wi-Fi (NEUF_10D8)
SSID NEUF_10D8
Name NEUF_10D8
Signal Strength/Quality 88
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
Wi-Fi (Gateway)
SSID Gateway
Name Gateway
Signal Strength/Quality 8
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
Wi-Fi (freebox_TODBRR)
SSID freebox_TODBRR
Name freebox_TODBRR
Signal Strength/Quality 24
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags There is a profile for this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time WPA algorithm that uses preshared keys (PSK)
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout (ms) 60 000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout (ms) 30 000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
File and printer sharing service Disabled
Simple File Sharing Enabled
Administrative Shares Enabled
Accès réseau : modèle de partage et de sécurité pour les comptes locaux Classique - les utilisateurs locaux s’authentifient eux-mêmes
Adapters List
Carte réseau Broadcom 802.11n
IP Address 92.23.162.23
Subnet mask 255.0.0.0
Gateway server 92.23.162.126
MAC Address B8-76-3F-2A-08-C7
Network Shares
No network shares
Current TCP Connections
C:\Program Files\Mozilla Firefox\firefox.exe (3772)
Local 92.23.162.23:49357 ESTABLISHED Remote 74.125.195.18:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49542 ESTABLISHED Remote 23.50.177.224:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49544 ESTABLISHED Remote 77.67.11.96:80 (Querying... ) (HTTP)
Local 92.23.162.23:49545 ESTABLISHED Remote 77.67.11.96:80 (Querying... ) (HTTP)
Local 92.23.162.23:49508 ESTABLISHED Remote 108.168.208.206:80 (Querying... ) (HTTP)
Local 92.23.162.23:49522 ESTABLISHED Remote 173.194.66.102:80 (Querying... ) (HTTP)
Local 92.23.162.23:49525 ESTABLISHED Remote 2.17.111.139:80 (Querying... ) (HTTP)
Local 92.23.162.23:49528 ESTABLISHED Remote 173.194.40.121:80 (Querying... ) (HTTP)
Local 92.23.162.23:49532 ESTABLISHED Remote 173.194.45.90:80 (Querying... ) (HTTP)
Local 92.23.162.23:49555 ESTABLISHED Remote 173.194.66.120:80 (Querying... ) (HTTP)
Local 92.23.162.23:49533 ESTABLISHED Remote 31.13.81.65:80 (Querying... ) (HTTP)
Local 92.23.162.23:49557 ESTABLISHED Remote 74.125.195.120:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49558 ESTABLISHED Remote 173.194.78.84:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49536 ESTABLISHED Remote 77.67.11.96:80 (Querying... ) (HTTP)
Local 92.23.162.23:49529 ESTABLISHED Remote 173.194.40.193:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49561 ESTABLISHED Remote 173.194.78.100:80 (Querying... ) (HTTP)
Local 92.23.162.23:49562 ESTABLISHED Remote 173.194.40.107:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49538 ESTABLISHED Remote 23.38.2.110:443 (Querying... ) (HTTPS)
Local 92.23.162.23:49570 ESTABLISHED Remote 82.192.95.42:80 (Querying... ) (HTTP)
Local 92.23.162.23:49540 ESTABLISHED Remote 173.194.45.89:80 (Querying... ) (HTTP)
Local 127.0.0.1:49354 ESTABLISHED Remote 127.0.0.1:49355 (Querying... )
Local 127.0.0.1:49355 ESTABLISHED Remote 127.0.0.1:49354 (Querying... )
lsass.exe (512)
Local 0.0.0.0:49154 LISTEN
services.exe (504)
Local 0.0.0.0:49156 LISTEN
svchost.exe (704)
Local 0.0.0.0:135 (DCE) LISTEN
svchost.exe (872)
Local 0.0.0.0:49153 LISTEN
svchost.exe (928)
Local 0.0.0.0:49155 LISTEN
System Process
Local 92.23.162.23:49523 TIME-WAIT Remote 173.194.66.102:80 (Querying... ) (HTTP)
Local 92.23.162.23:49527 TIME-WAIT Remote 173.194.40.217:80 (Querying... ) (HTTP)
Local 92.23.162.23:49507 TIME-WAIT Remote 199.7.55.72:80 (Querying... ) (HTTP)
Local 92.23.162.23:49535 TIME-WAIT Remote 31.13.81.65:80 (Querying... ) (HTTP)
Local 92.23.162.23:49510 TIME-WAIT Remote 173.194.67.95:80 (Querying... ) (HTTP)
Local 92.23.162.23:49537 TIME-WAIT Remote 77.67.11.96:80 (Querying... ) (HTTP)
Local 92.23.162.23:49524 TIME-WAIT Remote 173.194.78.156:80 (Querying... ) (HTTP)
Local 92.23.162.23:49534 TIME-WAIT Remote 173.194.45.90:80 (Querying... ) (HTTP)
Local 92.23.162.23:49526 TIME-WAIT Remote 2.17.111.139:80 (Querying... ) (HTTP)
Local 92.23.162.23:49541 TIME-WAIT Remote 173.194.45.89:80 (Querying... ) (HTTP)
Local 92.23.162.23:49546 TIME-WAIT Remote 77.67.11.96:80 (Querying... ) (HTTP)
Local 92.23.162.23:49547 TIME-WAIT Remote 77.67.11.96:80 (Querying... ) (HTTP)
Local 92.23.162.23:49549 TIME-WAIT Remote 178.255.83.1:80 (Querying... ) (HTTP)
Local 92.23.162.23:49551 TIME-WAIT Remote 185.31.19.134:80 (Querying... ) (HTTP)
Local 92.23.162.23:49552 TIME-WAIT Remote 178.255.83.1:80 (Querying... ) (HTTP)
Local 92.23.162.23:49556 TIME-WAIT Remote 173.194.66.120:80 (Querying... ) (HTTP)
Local 92.23.162.23:49559 TIME-WAIT Remote 178.255.83.1:80 (Querying... ) (HTTP)
Local 92.23.162.23:49560 TIME-WAIT Remote 178.255.83.1:80 (Querying... ) (HTTP)
Local 92.23.162.23:49565 TIME-WAIT Remote 185.31.16.196:80 (Querying... ) (HTTP)
Local 92.23.162.23:49571 TIME-WAIT Remote 199.7.55.72:80 (Querying... ) (HTTP)
System Process
Local 92.23.162.23:139 (NetBIOS session service) LISTEN
wininit.exe (408)
Local 0.0.0.0:49152 LISTEN
Generated with Speccy v1.23.569

#7
Tips2013

Vino's Event Viewer v01c run on Windows 2008 in French
Report run at 13/09/2013 04:53:10

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Erreur Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/09/2013 02:42:07
Type: Erreur Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
Le serveur {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.

Log: 'System' Date/Time: 13/09/2013 02:41:37
Type: Erreur Category: 0
Event: 7034 Source: Service Control Manager
Le service Windows Search s’est terminé de façon inattendue pour la 8ème fois.

Log: 'System' Date/Time: 13/09/2013 02:41:37
Type: Erreur Category: 0
Event: 7024 Source: Service Control Manager
Le service Windows Search s’est arrêté avec l’erreur service particulière %%-2147218173.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Avertissement Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
Tips2013

Farbar Service Scanner Version: 13-09-2013
Ran by philoubreizh (administrator) on 13-09-2013 at 04:56:01
Running from "C:\Users\philoubreizh\Desktop"
Microsoft Windows 7 Édition Intégrale Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2010-11-20 23:29] - [2010-11-20 23:29] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#9
Tips2013

OTL logfile created on: 13/09/2013 04:54:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\philoubreizh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,58 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 55,90% Memory free
5,16 Gb Paging File | 4,05 Gb Available in Paging File | 78,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,29 Gb Total Space | 680,12 Gb Free Space | 97,40% Space Free | Partition Type: NTFS

Computer Name: PHILOU-ORDI | User Name: philoubreizh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/09 13:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\philoubreizh\Desktop\OTL.exe
PRC - [2013/09/03 16:34:28 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/09/03 16:34:04 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/09/01 18:21:04 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/14 19:55:19 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/18 16:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/07/18 16:49:24 | 000,995,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/07/08 13:28:42 | 000,543,320 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2013/07/08 13:28:42 | 000,129,112 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2013/05/23 17:26:30 | 003,298,864 | ---- | M] (mIRC Co. Ltd.) -- C:\TeamScripT4\mirc.exe
PRC - [2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/01 18:21:02 | 016,166,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/14 19:55:36 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2004/07/22 13:53:10 | 000,010,240 | ---- | M] () -- C:\TeamScripT4\system\dlls\nHTML295.dll
MOD - [2002/02/03 21:25:00 | 000,025,600 | ---- | M] () -- C:\TeamScripT4\system\dlls\tbwin.dll


========== Services (SafeList) ==========

SRV - [2013/09/01 18:21:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/22 15:41:36 | 001,783,632 | ---- | M] (CybelSoft) [Disabled | Stopped] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV - [2013/07/18 16:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/07/08 13:28:42 | 000,129,112 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013/03/22 09:50:32 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IKARUS\anti.virus\bin\NTGUARD.SYS -- (NTGUARD)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\PHILOU~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/09/13 04:41:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6E9E99A-4002-47FE-BDB5-F318455752D7}\MpKsl4530aca8.sys -- (MpKsl4530aca8)
DRV - [2013/09/01 10:14:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/07/08 13:28:40 | 000,159,208 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/05/08 13:23:38 | 000,086,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TeeDriver.sys -- (MEI)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2013/03/12 15:09:40 | 000,289,792 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/07/21 20:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 173.234.227.13:8800

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.fr/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()


[2013/09/09 13:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philoubreizh\AppData\Roaming\Mozilla\Extensions
[2013/09/07 08:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\philoubreizh\AppData\Roaming\Mozilla\Firefox\Profiles\lnibdjb4.default\extensions
[2013/09/04 04:19:36 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\philoubreizh\AppData\Roaming\Mozilla\Firefox\Profiles\lnibdjb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/01 18:18:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/01 18:18:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/11 15:51:42 | 001,129,332 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15372 more lines...
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\..Trusted Domains: ma-config.com ([]http in Sites de confiance)
O15 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\..Trusted Domains: touslesdrivers.com ([]http in Sites de confiance)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EA20ED4-8057-4AB8-B122-DABA8784485A}: NameServer = 109.0.66.10,109.0.66.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AA7EA86-C5AE-46ED-95DD-4F68A55F7B7E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AA7EA86-C5AE-46ED-95DD-4F68A55F7B7E}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: ias - C:\Windows\System32\ias.dll (Microsoft Corporation)


SafeBootMin: 86136595.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 86136595.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/13 04:55:23 | 000,358,923 | ---- | C] (Farbar) -- C:\Users\philoubreizh\Desktop\FSS.exe
[2013/09/13 04:49:20 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2013/09/13 04:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/09/13 04:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/13 04:40:08 | 005,552,488 | ---- | C] (Piriform Ltd) -- C:\Users\philoubreizh\Desktop\spsetup123.exe
[2013/09/13 04:37:00 | 002,799,296 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\philoubreizh\Desktop\procexp.exe
[2013/09/13 04:35:24 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\philoubreizh\Desktop\aswmbr.exe
[2013/09/13 04:32:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/13 04:32:22 | 001,029,509 | ---- | C] (Thisisu) -- C:\Users\philoubreizh\Desktop\JRT.exe
[2013/09/11 16:25:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/11 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/09/11 09:03:43 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\Desktop\TeamScripT4
[2013/09/10 11:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Purify
[2013/09/10 11:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Purify
[2013/09/10 11:18:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPToolsLicenseComponent
[2013/09/10 11:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XP Registry Cleaner
[2013/09/10 11:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\XP Registry Cleaner
[2013/09/10 11:18:23 | 000,628,469 | ---- | C] (Nice Soft PC Optimization Technology ) -- C:\Users\philoubreizh\Documents\xpregistrycleaner.exe
[2013/09/10 11:15:50 | 007,360,213 | ---- | C] (PurifySoft ) -- C:\Users\philoubreizh\Documents\RegistryPurifySetup.exe
[2013/09/10 02:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/09/10 02:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013/09/09 17:29:41 | 011,260,240 | ---- | C] (Microsoft Corporation) -- C:\Users\philoubreizh\Documents\mseinstall.exe
[2013/09/09 17:18:57 | 002,590,808 | ---- | C] (Sandboxie Holdings, LLC) -- C:\Users\philoubreizh\Documents\SandboxieInstall.exe
[2013/09/09 17:03:59 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\mIRC
[2013/09/09 16:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2013/09/09 16:52:30 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\WinTools
[2013/09/09 16:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTools Software
[2013/09/09 16:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinTools Software
[2013/09/09 16:51:46 | 002,707,821 | ---- | C] (WinTools Software Engineering, Ltd. ) -- C:\Users\philoubreizh\Documents\wintoolspro.exe
[2013/09/09 16:43:41 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\VS Revo Group
[2013/09/09 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/09/09 16:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/09/09 16:43:34 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/09/09 16:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/09/09 16:43:21 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Programs
[2013/09/09 16:40:17 | 010,031,224 | ---- | C] (VS Revo Group ) -- C:\Users\philoubreizh\Documents\RevoUninProSetup.exe
[2013/09/09 16:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2013/09/09 14:47:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/09/09 14:45:23 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\philoubreizh\Documents\tdsskiller.exe
[2013/09/09 14:44:41 | 000,343,760 | ---- | C] (ESET) -- C:\Users\philoubreizh\Documents\ESETSirefefCleaner.exe
[2013/09/09 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\VirtualStore
[2013/09/09 14:20:17 | 001,490,944 | ---- | C] (Adlice Softwares) -- C:\Users\philoubreizh\Desktop\LogAnalyzer.exe
[2013/09/09 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Macromedia
[2013/09/09 11:28:05 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\Documents\backups
[2013/09/09 11:20:10 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\philoubreizh\Documents\HijackThis.exe
[2013/09/08 18:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013/09/08 18:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2013/09/08 18:23:04 | 001,944,960 | ---- | C] (mIRC Co. Ltd.) -- C:\Users\philoubreizh\Documents\mirc732.exe
[2013/09/08 17:29:54 | 024,358,912 | ---- | C] (IKARUS Security Software GmbH) -- C:\Users\philoubreizh\Documents\Setup IKARUS anti.virus 2.2.12.exe
[2013/09/08 10:29:05 | 004,454,952 | ---- | C] (Piriform Ltd) -- C:\Users\philoubreizh\Documents\ccsetup405.exe
[2013/09/08 10:05:44 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Temp
[2013/09/08 10:03:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/08 09:35:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/08 09:32:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\philoubreizh\Desktop\OTL.exe
[2013/09/08 05:21:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/07 18:32:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/07 18:31:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2013/09/07 18:17:57 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/07 18:17:37 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/09/07 18:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/09/07 08:32:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/09/07 08:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/09/06 10:32:10 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Diagnostics
[2013/09/05 14:19:27 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\philoubreizh\Desktop\TFC.exe
[2013/09/04 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\VMware
[2013/09/04 16:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013/09/04 16:55:29 | 030,188,416 | ---- | C] (VMware, Inc.) -- C:\Users\philoubreizh\Documents\VMware-player-1.0.6-80404.exe
[2013/09/04 04:07:17 | 000,000,000 | ---D | C] -- C:\Support
[2013/09/03 16:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digeus
[2013/09/03 16:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Digeus
[2013/09/03 16:55:42 | 002,225,295 | ---- | C] (Digeus, Inc. ) -- C:\Users\philoubreizh\Documents\junkfilescleaner.exe
[2013/09/03 16:35:01 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/03 16:35:01 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/09/03 16:35:01 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/03 16:35:01 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/09/03 16:35:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/09/03 16:35:01 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/09/03 16:35:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/09/03 16:35:01 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/09/03 16:35:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/09/03 16:35:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/03 16:35:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/03 16:35:00 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/03 16:35:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/03 16:35:00 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/03 16:35:00 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/09/03 16:35:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/09/03 16:35:00 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/03 16:35:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/03 16:35:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/09/03 16:35:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/03 16:35:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/09/03 16:35:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/09/03 16:35:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/09/03 16:35:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/09/03 16:35:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/09/03 16:35:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/09/03 16:34:59 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/03 16:34:59 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/09/03 16:34:59 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/09/03 16:34:59 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/09/03 16:34:59 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/09/03 16:34:59 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/03 16:34:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/03 16:34:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/03 16:34:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/03 16:34:59 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/09/03 16:34:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/09/03 16:34:04 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/03 16:34:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/03 16:34:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/03 16:34:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/03 16:33:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/09/03 16:33:17 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/09/03 16:32:45 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/09/03 16:32:45 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/09/03 16:32:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/09/03 16:32:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/09/03 16:32:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/09/03 16:32:45 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/09/03 16:32:45 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/09/03 16:32:44 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/09/03 16:32:44 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/09/03 16:32:44 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/09/03 16:32:44 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/09/03 16:32:44 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/09/03 16:32:44 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/09/03 16:32:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/09/03 16:32:44 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/09/03 16:32:44 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/09/03 16:32:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/09/03 16:32:44 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/09/03 16:32:44 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/09/03 16:32:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/09/03 16:30:34 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/09/03 16:27:48 | 025,172,992 | ---- | C] (Microsoft Corporation) -- C:\Users\philoubreizh\Documents\IE10-Windows6.1-x86-fr-fr.exe
[2013/09/03 07:44:42 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013/09/03 07:43:30 | 002,590,808 | ---- | C] (Sandboxie Holdings, LLC) -- C:\Users\philoubreizh\Desktop\SandboxieInstall.exe
[2013/09/02 02:00:26 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Web CEO
[2013/09/02 02:00:05 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Web CEO
[2013/09/01 14:52:34 | 000,041,584 | ---- | C] (ThreatTrack Security) -- C:\Windows\System32\drivers\gfiark.sys
[2013/09/01 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/09/01 11:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/09/01 11:41:47 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/09/01 11:37:41 | 003,872,056 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvsrv.dll
[2013/09/01 11:37:41 | 003,560,760 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvui.dll
[2013/09/01 11:37:41 | 000,091,448 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2013/09/01 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/09/01 11:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/09/01 11:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2013/09/01 11:34:28 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/09/01 11:34:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/09/01 11:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/09/01 11:34:12 | 000,000,000 | ---D | C] -- C:\Intel
[2013/09/01 11:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2013/09/01 11:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ma-config.com
[2013/09/01 11:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\ma-config.com
[2013/09/01 11:19:08 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\Macromedia
[2013/09/01 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\Adobe
[2013/09/01 11:18:22 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/01 11:18:22 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/01 11:18:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/09/01 11:12:31 | 000,000,000 | ---D | C] -- C:\Lop SD
[2013/09/01 10:23:16 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\LavasoftStatistics
[2013/09/01 10:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/09/01 10:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/09/01 10:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/09/01 10:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/09/01 10:14:30 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/09/01 09:20:44 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/09/01 09:20:44 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/09/01 09:20:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/09/01 09:20:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/09/01 09:20:36 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/09/01 09:20:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/09/01 09:20:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/09/01 09:19:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/09/01 09:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamScripT 4
[2013/09/01 09:17:14 | 000,000,000 | ---D | C] -- C:\TeamScripT4
[2013/09/01 09:17:00 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\WinZip
[2013/09/01 09:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/09/01 09:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/09/01 09:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/09/01 09:09:40 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/09/01 09:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/01 09:07:19 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Roaming\Mozilla
[2013/09/01 09:07:19 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Mozilla
[2013/09/01 09:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/01 08:55:55 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/09/01 08:28:00 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/01 08:28:00 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Searches
[2013/09/01 08:28:00 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/01 08:27:49 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Contacts
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Voisinage réseau
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Voisinage d'impression
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\SendTo
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Recent
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Modèles
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Documents\Mes vidéos
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Documents\Mes images
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Mes documents
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Menu Démarrer
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Documents\Ma musique
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Local Settings
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\AppData\Local\Historique
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\Application Data
[2013/09/01 08:27:36 | 000,000,000 | -HSD | C] -- C:\Users\philoubreizh\AppData\Local\Application Data
[2013/09/01 08:27:36 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Temporary Internet Files
[2013/09/01 08:27:36 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\Cookies
[2013/09/01 08:27:35 | 000,000,000 | --SD | C] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Videos
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Saved Games
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Pictures
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Music
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Links
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Favorites
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Downloads
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Documents
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\Desktop
[2013/09/01 08:27:35 | 000,000,000 | R--D | C] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/01 08:27:35 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData\Local\Microsoft
[2013/09/01 08:27:35 | 000,000,000 | ---D | C] -- C:\Users\philoubreizh\AppData
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modèles
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\Program Files\Fichiers communs
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoris
[2013/09/01 08:27:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureau
[2013/09/01 08:21:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/09/13 04:55:31 | 000,358,923 | ---- | M] (Farbar) -- C:\Users\philoubreizh\Desktop\FSS.exe
[2013/09/13 04:50:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\philoubreizh\Desktop\VEW.exe
[2013/09/13 04:41:01 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/09/13 04:40:28 | 005,552,488 | ---- | M] (Piriform Ltd) -- C:\Users\philoubreizh\Desktop\spsetup123.exe
[2013/09/13 04:37:06 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\philoubreizh\Desktop\procexp.exe
[2013/09/13 04:36:41 | 000,000,512 | ---- | M] () -- C:\Users\philoubreizh\Desktop\MBR.dat
[2013/09/13 04:35:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\philoubreizh\Desktop\aswmbr.exe
[2013/09/13 04:34:20 | 000,658,584 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/09/13 04:34:20 | 000,571,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/13 04:34:20 | 000,119,904 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/09/13 04:34:20 | 000,095,788 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/13 04:32:29 | 001,029,509 | ---- | M] (Thisisu) -- C:\Users\philoubreizh\Desktop\JRT.exe
[2013/09/13 04:27:53 | 000,257,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/13 04:27:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/13 04:26:59 | 2078,035,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/13 04:26:37 | 000,022,528 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 04:26:36 | 000,022,528 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 04:25:31 | 001,037,278 | ---- | M] () -- C:\Users\philoubreizh\Desktop\AdwCleaner.exe
[2013/09/13 04:23:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 14:00:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/12 14:00:13 | 000,745,127 | ---- | M] () -- C:\Users\philoubreizh\Desktop\WiNToBootic_v2.1.zip
[2013/09/12 11:01:08 | 2448,254,976 | ---- | M] () -- C:\Users\philoubreizh\Desktop\X15-65810.iso
[2013/09/12 05:42:45 | 000,002,125 | ---- | M] () -- C:\Users\philoubreizh\Desktop\open.bat
[2013/09/11 16:31:12 | 000,001,350 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/09/11 16:26:19 | 000,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2013/09/11 15:51:42 | 001,129,332 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/09/11 03:14:07 | 000,000,037 | ---- | M] () -- C:\Users\philoubreizh\Desktop\proxy.bat
[2013/09/10 18:37:51 | 003,651,912 | ---- | M] () -- C:\Users\philoubreizh\Documents\TalkTalk-Router-Update-Tool.exe
[2013/09/10 11:20:23 | 000,002,749 | ---- | M] () -- C:\Users\Public\Desktop\Registry Purify v5.56.lnk
[2013/09/10 11:19:49 | 007,360,213 | ---- | M] (PurifySoft ) -- C:\Users\philoubreizh\Documents\RegistryPurifySetup.exe
[2013/09/10 11:18:41 | 000,000,987 | ---- | M] () -- C:\Users\philoubreizh\Desktop\XP Registry Cleaner.lnk
[2013/09/10 11:18:25 | 000,628,469 | ---- | M] (Nice Soft PC Optimization Technology ) -- C:\Users\philoubreizh\Documents\xpregistrycleaner.exe
[2013/09/10 02:21:10 | 000,001,039 | ---- | M] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Lien Navigateur Internet Sandboxé
[2013/09/09 17:31:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/09 17:30:16 | 011,260,240 | ---- | M] (Microsoft Corporation) -- C:\Users\philoubreizh\Documents\mseinstall.exe
[2013/09/09 17:19:06 | 002,590,808 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Users\philoubreizh\Documents\SandboxieInstall.exe
[2013/09/09 17:08:33 | 000,001,437 | ---- | M] () -- C:\Users\philoubreizh\Desktop\TeamScripT 4.lnk
[2013/09/09 17:08:12 | 004,027,721 | ---- | M] () -- C:\Users\philoubreizh\Documents\TeamScripT4.rar
[2013/09/09 16:52:27 | 000,001,301 | ---- | M] () -- C:\Users\Public\Desktop\WinTools.net Professional.lnk
[2013/09/09 16:51:57 | 002,707,821 | ---- | M] (WinTools Software Engineering, Ltd. ) -- C:\Users\philoubreizh\Documents\wintoolspro.exe
[2013/09/09 16:43:38 | 000,001,258 | ---- | M] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/09/09 16:43:38 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/09/09 16:40:47 | 010,031,224 | ---- | M] (VS Revo Group ) -- C:\Users\philoubreizh\Documents\RevoUninProSetup.exe
[2013/09/09 14:45:30 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\philoubreizh\Documents\tdsskiller.exe
[2013/09/09 14:44:52 | 000,343,760 | ---- | M] (ESET) -- C:\Users\philoubreizh\Documents\ESETSirefefCleaner.exe
[2013/09/09 14:20:18 | 001,490,944 | ---- | M] (Adlice Softwares) -- C:\Users\philoubreizh\Desktop\LogAnalyzer.exe
[2013/09/09 14:01:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/09/09 13:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\philoubreizh\Desktop\OTL.exe
[2013/09/09 11:20:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\philoubreizh\Documents\HijackThis.exe
[2013/09/09 03:29:38 | 000,088,280 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2013/09/08 18:25:14 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013/09/08 18:23:22 | 001,944,960 | ---- | M] (mIRC Co. Ltd.) -- C:\Users\philoubreizh\Documents\mirc732.exe
[2013/09/08 17:30:32 | 024,358,912 | ---- | M] (IKARUS Security Software GmbH) -- C:\Users\philoubreizh\Documents\Setup IKARUS anti.virus 2.2.12.exe
[2013/09/08 10:29:43 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/08 10:29:28 | 004,454,952 | ---- | M] (Piriform Ltd) -- C:\Users\philoubreizh\Documents\ccsetup405.exe
[2013/09/08 05:20:56 | 001,037,278 | ---- | M] () -- C:\Users\philoubreizh\Documents\adwcleaner.exe
[2013/09/07 20:34:29 | 008,899,446 | ---- | M] () -- C:\Users\philoubreizh\Desktop\D7.zip
[2013/09/07 18:29:51 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/07 18:17:39 | 000,002,121 | ---- | M] () -- C:\Users\philoubreizh\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/09/07 18:17:20 | 005,377,506 | ---- | M] () -- C:\Users\philoubreizh\Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/09/07 14:33:50 | 000,067,081 | ---- | M] () -- C:\Users\philoubreizh\Desktop\template_3212046581511231497.xml
[2013/09/05 18:05:04 | 000,082,714 | ---- | M] () -- C:\Users\philoubreizh\Desktop\template-3770988938700533390.xml
[2013/09/05 14:19:31 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\philoubreizh\Desktop\TFC.exe
[2013/09/04 17:19:20 | 009,039,846 | ---- | M] () -- C:\Users\philoubreizh\Documents\OpenWRT-7.09.7z
[2013/09/04 17:07:48 | 003,076,486 | ---- | M] () -- C:\Users\philoubreizh\Documents\OpenWRT-10.03.7z
[2013/09/04 16:56:13 | 030,188,416 | ---- | M] (VMware, Inc.) -- C:\Users\philoubreizh\Documents\VMware-player-1.0.6-80404.exe
[2013/09/04 05:36:34 | 000,067,081 | ---- | M] () -- C:\Users\philoubreizh\Desktop\template-3212046581511231497.xml
[2013/09/04 05:33:30 | 000,235,734 | ---- | M] () -- C:\Users\philoubreizh\Desktop\blog-09-03-2013.xml
[2013/09/03 16:56:27 | 000,002,783 | ---- | M] () -- C:\Users\Public\Desktop\Digeus Junk Files Cleaner.lnk
[2013/09/03 16:55:43 | 002,225,295 | ---- | M] (Digeus, Inc. ) -- C:\Users\philoubreizh\Documents\junkfilescleaner.exe
[2013/09/03 16:35:02 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/09/03 16:35:01 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/03 16:35:01 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/03 16:35:01 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/09/03 16:35:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/09/03 16:35:01 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/09/03 16:35:01 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/09/03 16:35:01 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/09/03 16:35:01 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/03 16:35:01 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/09/03 16:35:01 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/03 16:35:01 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/03 16:35:00 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/03 16:35:00 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/09/03 16:35:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/03 16:35:00 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/03 16:35:00 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/09/03 16:35:00 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/09/03 16:35:00 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/03 16:35:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/09/03 16:35:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/03 16:35:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/09/03 16:35:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/09/03 16:35:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/09/03 16:35:00 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/09/03 16:35:00 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/09/03 16:35:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/09/03 16:34:59 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/03 16:34:59 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/09/03 16:34:59 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/09/03 16:34:59 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/09/03 16:34:59 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/03 16:34:59 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/03 16:34:59 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/03 16:34:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/03 16:34:59 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/09/03 16:34:59 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/09/03 16:34:28 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/09/03 16:34:04 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/03 16:34:04 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/03 16:34:04 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/03 16:34:04 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/03 16:34:04 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/03 16:34:04 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/03 16:33:17 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/09/03 16:33:17 | 003,913,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/09/03 16:32:45 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/09/03 16:32:45 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/09/03 16:32:45 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/09/03 16:32:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/09/03 16:32:45 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/09/03 16:32:45 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/09/03 16:32:45 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/09/03 16:32:45 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/09/03 16:32:45 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/09/03 16:32:44 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/09/03 16:32:44 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/09/03 16:32:44 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/09/03 16:32:44 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/09/03 16:32:44 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/09/03 16:32:44 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/09/03 16:32:44 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/09/03 16:32:44 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/09/03 16:32:44 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/09/03 16:32:44 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/09/03 16:32:44 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/09/03 16:32:44 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/09/03 16:30:34 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/09/03 16:28:18 | 025,172,992 | ---- | M] (Microsoft Corporation) -- C:\Users\philoubreizh\Documents\IE10-Windows6.1-x86-fr-fr.exe
[2013/09/03 07:43:37 | 002,590,808 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Users\philoubreizh\Desktop\SandboxieInstall.exe
[2013/09/02 02:00:27 | 000,001,988 | ---- | M] () -- C:\Users\philoubreizh\Desktop\Web CEO.lnk
[2013/09/02 02:00:26 | 000,001,990 | ---- | M] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Web CEO.lnk
[2013/09/01 18:21:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/01 18:21:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/01 18:18:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/01 11:38:05 | 000,707,378 | ---- | M] () -- C:\Windows\System32\oem4.inf
[2013/09/01 11:37:34 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2013/09/01 11:37:33 | 003,872,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\bcmihvsrv.dll
[2013/09/01 11:37:33 | 003,560,760 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\bcmihvui.dll
[2013/09/01 11:37:33 | 000,091,448 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2013/09/01 11:12:29 | 000,501,736 | ---- | M] () -- C:\Users\philoubreizh\Desktop\LopSD.exe
[2013/09/01 10:14:30 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/09/01 09:16:45 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/09/01 08:41:37 | 000,001,427 | ---- | M] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/01 08:28:02 | 000,001,433 | ---- | M] () -- C:\Users\philoubreizh\Desktop\Internet Explorer.lnk
[2013/09/01 08:25:24 | 000,214,678 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2013/09/13 04:50:52 | 000,061,440 | ---- | C] ( ) -- C:\Users\philoubreizh\Desktop\VEW.exe
[2013/09/13 04:41:01 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/09/13 04:36:41 | 000,000,512 | ---- | C] () -- C:\Users\philoubreizh\Desktop\MBR.dat
[2013/09/13 04:27:09 | 000,257,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/13 04:25:08 | 001,037,278 | ---- | C] () -- C:\Users\philoubreizh\Desktop\AdwCleaner.exe
[2013/09/12 14:00:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/12 14:00:10 | 000,745,127 | ---- | C] () -- C:\Users\philoubreizh\Desktop\WiNToBootic_v2.1.zip
[2013/09/12 09:46:52 | 2448,254,976 | ---- | C] () -- C:\Users\philoubreizh\Desktop\X15-65810.iso
[2013/09/11 03:14:07 | 000,000,037 | ---- | C] () -- C:\Users\philoubreizh\Desktop\proxy.bat
[2013/09/10 18:37:34 | 003,651,912 | ---- | C] () -- C:\Users\philoubreizh\Documents\TalkTalk-Router-Update-Tool.exe
[2013/09/10 11:20:23 | 000,002,749 | ---- | C] () -- C:\Users\Public\Desktop\Registry Purify v5.56.lnk
[2013/09/10 11:18:41 | 000,000,987 | ---- | C] () -- C:\Users\philoubreizh\Desktop\XP Registry Cleaner.lnk
[2013/09/10 02:21:22 | 000,001,039 | ---- | C] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Lien Navigateur Internet Sandboxé
[2013/09/10 02:21:20 | 000,001,350 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/09/09 17:31:17 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/09 17:08:33 | 000,001,437 | ---- | C] () -- C:\Users\philoubreizh\Desktop\TeamScripT 4.lnk
[2013/09/09 17:07:27 | 004,027,721 | ---- | C] () -- C:\Users\philoubreizh\Documents\TeamScripT4.rar
[2013/09/09 16:52:27 | 000,001,301 | ---- | C] () -- C:\Users\Public\Desktop\WinTools.net Professional.lnk
[2013/09/09 16:43:38 | 000,001,258 | ---- | C] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/09/09 16:43:38 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/09/09 14:01:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013/09/09 03:29:38 | 000,088,280 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/09/08 18:25:14 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2013/09/08 05:20:40 | 001,037,278 | ---- | C] () -- C:\Users\philoubreizh\Documents\adwcleaner.exe
[2013/09/07 18:17:39 | 000,002,121 | ---- | C] () -- C:\Users\philoubreizh\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/09/07 18:17:07 | 005,377,506 | ---- | C] () -- C:\Users\philoubreizh\Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/09/07 14:33:50 | 000,067,081 | ---- | C] () -- C:\Users\philoubreizh\Desktop\template_3212046581511231497.xml
[2013/09/05 18:05:03 | 000,082,714 | ---- | C] () -- C:\Users\philoubreizh\Desktop\template-3770988938700533390.xml
[2013/09/04 17:19:09 | 009,039,846 | ---- | C] () -- C:\Users\philoubreizh\Documents\OpenWRT-7.09.7z
[2013/09/04 16:55:51 | 003,076,486 | ---- | C] () -- C:\Users\philoubreizh\Documents\OpenWRT-10.03.7z
[2013/09/04 05:36:34 | 000,067,081 | ---- | C] () -- C:\Users\philoubreizh\Desktop\template-3212046581511231497.xml
[2013/09/04 05:33:28 | 000,235,734 | ---- | C] () -- C:\Users\philoubreizh\Desktop\blog-09-03-2013.xml
[2013/09/04 04:05:09 | 008,899,446 | ---- | C] () -- C:\Users\philoubreizh\Desktop\D7.zip
[2013/09/03 16:56:27 | 000,002,783 | ---- | C] () -- C:\Users\Public\Desktop\Digeus Junk Files Cleaner.lnk
[2013/09/03 16:34:59 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/09/02 18:16:41 | 000,001,433 | ---- | C] () -- C:\Users\philoubreizh\Desktop\Internet Explorer.lnk
[2013/09/02 02:00:27 | 000,001,988 | ---- | C] () -- C:\Users\philoubreizh\Desktop\Web CEO.lnk
[2013/09/02 02:00:26 | 000,001,990 | ---- | C] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Web CEO.lnk
[2013/09/01 22:16:33 | 000,002,125 | ---- | C] () -- C:\Users\philoubreizh\Desktop\open.bat
[2013/09/01 11:58:08 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/09/01 11:38:17 | 000,707,378 | ---- | C] () -- C:\Windows\System32\oem4.inf
[2013/09/01 11:37:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013/09/01 11:34:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/01 11:18:24 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 11:12:16 | 000,501,736 | ---- | C] () -- C:\Users\philoubreizh\Desktop\LopSD.exe
[2013/09/01 09:16:44 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/09/01 09:09:53 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/01 09:07:12 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/01 09:07:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/01 08:41:37 | 000,001,427 | ---- | C] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/01 08:28:02 | 000,001,433 | ---- | C] () -- C:\Users\philoubreizh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/01 08:27:35 | 000,000,290 | ---- | C] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/01 08:27:35 | 000,000,272 | ---- | C] () -- C:\Users\philoubreizh\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/01 08:21:33 | 2078,035,968 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/08 19:10:10 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2013/03/08 19:09:46 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2013/03/08 19:09:46 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/03/08 19:06:48 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2013/03/08 19:06:46 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2013/03/08 19:06:46 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2013/02/13 12:25:14 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/09/11 16:25:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/09 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\WinTools

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD7500BPVT-22HXZT3 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 350,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 698,00GB
Starting Offset: 368050176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/09/01 11:19:07 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\Adobe
[2013/09/03 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\LavasoftStatistics
[2013/09/01 11:19:08 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\Macromedia
[2013/09/09 17:32:09 | 000,000,000 | --SD | M] -- C:\Users\philoubreizh\AppData\Roaming\Microsoft
[2013/09/09 17:04:14 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\mIRC
[2013/09/09 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\Mozilla
[2013/09/09 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\VMware
[2013/09/09 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\philoubreizh\AppData\Roaming\WinTools

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

< hklm\software\clients\startmenuinternet|command /64 /rs >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

#10
Tips2013

    New Member

OTL Extras logfile created on: 13/09/2013 04:54:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\philoubreizh\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,58 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 55,90% Memory free
5,16 Gb Paging File | 4,05 Gb Available in Paging File | 78,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,29 Gb Total Space | 680,12 Gb Free Space | 97,40% Space Free | Partition Type: NTFS

Computer Name: PHILOU-ORDI | User Name: philoubreizh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108A1A11-B217-4DB5-9E3E-EED0D26BEC05}" = rport=3189 | protocol=6 | dir=out | name=3189 |
"{370E1715-B293-41E7-80E3-2CF05BD77254}" = lport=3189 | protocol=17 | dir=in | name=3189 |
"{6F45BA8A-C69A-4918-BAEA-6633D9A32BFB}" = rport=3189 | protocol=17 | dir=out | name=3189 |
"{DE05750F-455F-466B-86FE-5DA710BC9BC1}" = lport=3189 | protocol=6 | dir=in | name=3189 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C24ABF-8571-43A5-A89C-787060E157D6}" = protocol=58 | dir=in | app=system |
"TCP Query User{71C4C626-4D38-4511-92CC-D10CE26BFC45}C:\teamscript4\mirc.exe" = protocol=6 | dir=in | app=c:\teamscript4\mirc.exe |
"TCP Query User{FE0952BA-008B-4D0F-8057-17ACB896C576}C:\users\philoubreizh\desktop\teamscript4\mirc.exe" = protocol=6 | dir=in | app=c:\users\philoubreizh\desktop\teamscript4\mirc.exe |
"UDP Query User{5D8052EE-B01A-4F7B-8570-D41CA161DBEE}C:\teamscript4\mirc.exe" = protocol=17 | dir=in | app=c:\teamscript4\mirc.exe |
"UDP Query User{683C4BEA-25D4-4DC3-82F5-AC7ED7299AC1}C:\users\philoubreizh\desktop\teamscript4\mirc.exe" = protocol=17 | dir=in | app=c:\users\philoubreizh\desktop\teamscript4\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{7FFFD2AE-950E-4BD1-AF7C-32E6CC15F481}_is1" = WinTools.net Professional version 13.0
"{81FA112C-A689-471E-BC33-8106B235B8DE}" = Digeus Junk Files Cleaner
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}" = WinZip 17.5
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F665B081-FB65-4C87-A7C3-5D9EBA12A73F}" = Ma-Config.com
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox 23.0.1 (x86 fr)" = Mozilla Firefox 23.0.1 (x86 fr)
"Sandboxie" = Sandboxie 4.04 (32-bit)
"Speccy" = Speccy
"TeamScripT 4" = TeamScripT 4
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"XP Registry Cleaner_is1" = XP Registry Cleaner 2.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/09/2013 22:41:11 | Computer Name = philou-Ordi | Source = PerfNet | ID = 2004
Description =

Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Windows Search Service | ID = 3038
Description = Le rassembleur ne peut pas lire le registre WorkingDirectory. Contexte
: Application , Catalogue SystemIndex Détails : Le fichier spécifié est introuvable.
(HRESULT : 0x80070002) (0x80070002)

Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Windows Search Service | ID = 3058
Description = Impossible d’initialiser l’application. Contexte : Application Windows

Détails
: Impossible de lire la valeur de registre car la configuration n’est pas valide.
Recréez la configuration d’index de contenu en supprimant l’index de contenu.
(HRESULT : 0x80040d03) (0x80040d03)

Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Windows Search Service | ID = 7010
Description = Impossible d’initialiser l’index. Détails : Impossible de lire la valeur
de registre car la configuration n’est pas valide. Recréez la configuration d’index
de contenu en supprimant l’index de contenu. (HRESULT : 0x80040d03) (0x80040d03)


Error - 12/09/2013 22:43:28 | Computer Name = philou-Ordi | Source = PerfNet | ID = 2004
Description =

Error - 12/09/2013 22:49:28 | Computer Name = philou-Ordi | Source = PerfNet | ID = 2004
Description =

[ System Events ]
Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Service Control Manager | ID = 7024
Description = Le service Windows Search s’est arrêté avec l’erreur service particulière
%%-2147218173.

Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Service Control Manager | ID = 7034
Description = Le service Windows Search s’est terminé de façon inattendue pour la
8ème fois.

Error - 12/09/2013 22:42:07 | Computer Name = philou-Ordi | Source = DCOM | ID = 10010
Description =


< End of report >

#11
RKinner

    Malware Expert

Still missing the Process Explorer log.

We can clean up a few things with OTL:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IKARUS\anti.virus\bin\NTGUARD.SYS -- (NTGUARD)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\PHILOU~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1484982223-3793710775-4053577855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
SafeBootMin: 86136595.sys - Driver
SafeBootNet: 86136595.sys - Driver

:files
sc delete 86136595 /c
sc delete VMnetAdapter /c
sc delete NTGUARD /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\009122013-some number.log so look there if you don't see it.


Search is having a problem: See if the Fixit on http://support.micro.../windows_search will work for you.


Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

2. Right-click VEW.exe and Run As Administrator.

3. Under 'Select log to query', select:
* System

4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.
Please copy and paste the output log in your next reply.
  • 0
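An added example, not part of the thread and not code from OTL or VEW: a small Python parser for the event sections of a pasted report in the layout shown above. It counts repeated errors per source and ID, and normalises the signed `%%<decimal>` service error to the same hex form as the HRESULT, so related events line up. The sample text is constructed in that layout with descriptions shortened, and all function names are hypothetical.

```python
import re
from collections import Counter
# Constructed sample in the layout of the report's event sections (text shortened).
SAMPLE = """\
[ Application Events ]
Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Windows Search Service | ID = 7010
Description = (text shortened) (HRESULT : 0x80040d03) (0x80040d03)
Error - 12/09/2013 22:43:28 | Computer Name = philou-Ordi | Source = PerfNet | ID = 2004
Description =
Error - 12/09/2013 22:49:28 | Computer Name = philou-Ordi | Source = PerfNet | ID = 2004
Description =
[ System Events ]
Error - 12/09/2013 22:41:37 | Computer Name = philou-Ordi | Source = Service Control Manager | ID = 7024
Description = (text shortened)
%%-2147218173.
"""

HEADER = re.compile(r"^\w+ - .*? \| Source = (.*?) \| ID = (\d+)\s*$")
SECTION = re.compile(r"^\[ (.+?) \]\s*$")
SIGNED_CODE = re.compile(r"%%(-?\d+)")        # service-specific error, signed decimal
HEX_CODE = re.compile(r"0x[0-9a-fA-F]{8}")    # HRESULT already in hex

def parse_events(text):
    """Return one dict per event; wrapped description lines are joined."""
    events, section, current = [], None, None
    for line in text.splitlines():
        sec, hdr = SECTION.match(line), HEADER.match(line)
        if sec:
            section, current = sec.group(1), None
        elif hdr:
            current = {"section": section, "source": hdr.group(1), "id": int(hdr.group(2)), "description": ""}
            events.append(current)
        elif current is not None and line.strip():
            part = line.split("Description =", 1)[-1].strip()
            current["description"] = (current["description"] + " " + part).strip()
    return events

def error_codes(description):
    """Normalise hex HRESULTs and signed '%%<decimal>' codes to 0xXXXXXXXX."""
    codes = {c.lower() for c in HEX_CODE.findall(description)}
    return codes | {f"0x{int(n) & 0xFFFFFFFF:08x}" for n in SIGNED_CODE.findall(description)}

def summarize(text):
    events = parse_events(text)
    counts = Counter((e["source"], e["id"]) for e in events)
    by_code = {}
    for e in events:
        for code in error_codes(e["description"]):
            by_code.setdefault(code, set()).add(e["source"])
    return counts, by_code
```

Run on the sample, `summarize(SAMPLE)` groups the Service Control Manager 7024 event and the Windows Search Service 7010 event under one code, because `-2147218173` is the signed 32-bit form of `0x80040d03`.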





