Solved Sluggish PC, overheating, credit card fraud

[needhelp51]

Hello. My computer is acting unstable, is very slow and tends to overheat. Worst of all, a security leak seems to have led to a credit card fraud. I think the machine is infected. Please help.

Here are the requested logs:

FRST:

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2016
Exécuté par Utilisateur (administrateur) sur UTILISATEUR-PC (07-06-2016 10:26:11)
Exécuté depuis C:\Users\Utilisateur\Desktop
Profils chargés: Utilisateur (Profils disponibles: Utilisateur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool:

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-01-26] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [lxdxmon.exe] => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-07] (COMODO)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-07] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2015-03-23] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-05-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\...\Run: [GoogleChromeAutoLaunch_A616DDE2FA4E903E4B22BA1CBF106F1F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-05-29] (Google Inc.)
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-07] (AVAST Software)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{809B5500-7F35-4BE2-AB1C-7BB6D860B9D8}: [NameServer] 208.69.150.250,208.69.150.252
Tcpip\..\Interfaces\{809B5500-7F35-4BE2-AB1C-7BB6D860B9D8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ACDB5D04-4B87-42EC-BE5B-94310838736B}: [NameServer] 208.69.150.250,208.69.150.252

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qc.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://qc.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> {A8527447-EB8E-4873-ABB3-8A5429FAD7D0} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-07] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-07] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: WSISVCUchrome - Pas de valeur CLSID

FireFox:
========
FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.google.ca
FF Keyword.URL: hxxp://qc.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-01-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-11-19] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3561402276-1669811274-1820601791-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Utilisateur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Extension: PrivDog - C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\Extensions\PrivDog@AdTrustMedia.com [2014-08-24] [non signé]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Recherche Google) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs hors connexion) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-07]
CHR Extension: (Avast Online Security) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-07]
CHR Extension: (Bouton Pin It) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-25]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-07]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-07] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-06-07] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-29] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-07] (COMODO)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-07] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2015-05-11] (LeapFrog Enterprises, Inc.) [Fichier non signé]
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2010-02-04] ( )
R2 lxdx_device; C:\Windows\SysWOW64\lxdxcoms.exe [589824 2010-02-04] ( )
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-07] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21184 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [806032 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-08-04] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2015-05-11] (LeapFrog)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105096 2015-08-04] (COMODO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-02] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-06-07] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-06-07] (Avast Software)
S3 catchme; \??\C:\Your_name\catchme.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-07 10:26 - 2016-06-07 10:28 - 00023937 _____ C:\Users\Utilisateur\Desktop\FRST.txt
2016-06-07 10:18 - 2016-06-07 10:26 - 00000000 ____D C:\FRST
2016-06-07 09:58 - 2016-06-07 09:58 - 00003928 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465307887
2016-06-07 09:58 - 2016-06-07 09:58 - 00001041 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-07 09:58 - 2016-06-07 09:58 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-07 09:56 - 2016-06-07 09:56 - 00000000 _____ C:\Windows\SysWOW64\sho9420.tmp
2016-06-07 09:55 - 2016-06-07 09:55 - 00001926 _____ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
2016-06-07 09:54 - 2016-06-07 09:52 - 00161760 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-06-07 09:54 - 2016-06-07 09:52 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-07 09:53 - 2016-06-07 09:53 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-07 09:53 - 2016-06-07 09:53 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-07 09:51 - 2016-06-07 09:52 - 02385408 _____ (Farbar) C:\Users\Utilisateur\Desktop\FRST64.exe
2016-05-29 23:03 - 2016-05-29 23:03 - 00031848 _____ C:\Users\Utilisateur\Desktop\blog.odt
2016-05-27 09:38 - 2016-05-27 09:38 - 00008858 _____ C:\Users\Utilisateur\Desktop\Enfants-lettrage2.pdf
2016-05-27 09:33 - 2016-05-27 09:33 - 00586320 _____ C:\Users\Utilisateur\Desktop\entente_services_dynamique.pdf
2016-05-27 09:21 - 2016-06-01 15:38 - 00000000 ____D C:\Users\Utilisateur\Desktop\Documents (COMPLET)
2016-05-27 09:09 - 2016-05-27 09:09 - 00000000 _____ C:\Windows\SysWOW64\shoFB0D.tmp

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-07 10:25 - 2012-07-28 02:35 - 00000000 ____D C:\ProgramData\clear.fi
2016-06-07 10:22 - 2013-07-11 21:26 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 10:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-07 10:21 - 2013-07-10 19:30 - 00005836 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-06-07 10:20 - 2013-03-16 12:39 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-06-07 10:20 - 2012-03-25 08:22 - 01476690 _____ C:\Windows\system32\perfh00C.dat
2016-06-07 10:20 - 2012-03-25 08:22 - 00406344 _____ C:\Windows\system32\perfc00C.dat
2016-06-07 10:18 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-07 10:18 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-07 10:15 - 2009-07-14 01:13 - 01834864 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-07 10:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-07 10:09 - 2013-07-11 21:26 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 09:59 - 2009-07-14 01:08 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-07 09:55 - 2013-11-04 19:36 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core.job
2016-06-07 09:54 - 2012-08-24 20:52 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-07 09:53 - 2014-05-31 23:20 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-07 09:53 - 2014-05-31 23:20 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-07 09:53 - 2013-07-10 19:23 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-07 09:53 - 2013-07-10 19:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-07 09:53 - 2012-08-24 20:52 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-07 09:53 - 2012-08-24 20:52 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-07 09:53 - 2012-08-24 20:52 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-07 09:53 - 2012-08-24 20:51 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-07 09:52 - 2012-08-24 20:52 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-07 09:52 - 2012-08-24 20:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-07 09:46 - 2013-11-04 19:36 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA.job
2016-06-07 09:46 - 2013-07-11 21:19 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-02 22:45 - 2014-06-01 21:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-29 23:22 - 2012-12-07 13:50 - 01809932 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-29 23:11 - 2013-07-11 21:28 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-29 23:11 - 2013-07-11 21:28 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-29 23:04 - 2013-07-11 21:26 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-29 23:04 - 2013-07-11 21:26 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-29 22:47 - 2015-01-06 17:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-29 22:45 - 2015-01-06 17:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-27 09:31 - 2014-12-16 17:05 - 00000000 ____D C:\Users\Utilisateur\Documents\iSkysoft Video Converter Ultimate
2016-05-27 09:24 - 2015-01-03 14:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-27 09:24 - 2013-07-11 21:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-27 09:24 - 2013-07-11 21:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-27 09:24 - 2013-07-11 21:19 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-27 09:12 - 2009-07-14 00:45 - 00464320 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Fichiers à la racine de certains dossiers =======

2013-11-06 11:44 - 2013-11-06 11:44 - 0000066 _____ () C:\Users\Utilisateur\AppData\Roaming\mbam.context.scan
2012-03-25 07:47 - 2012-03-25 07:49 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-11-04 20:06 - 2012-11-04 20:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-01-02 15:19 - 2015-01-02 15:19 - 0000178 _____ () C:\ProgramData\lxdx.log

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-01-11 14:58

==================== Fin de FRST.txt ============================

 

[needhelp51]

ADDITION:

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version:06-06-2016
Exécuté par Utilisateur (2016-06-07 10:28:42)
Exécuté depuis C:\Users\Utilisateur\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-28 06:02:47)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-3561402276-1669811274-1820601791-500 - Administrator - Disabled)
Invité (S-1-5-21-3561402276-1669811274-1820601791-501 - Limited - Disabled)
Utilisateur (S-1-5-21-3561402276-1669811274-1820601791-1000 - Administrator - Enabled) => C:\Users\Utilisateur

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Avast Antivirus Gratuit (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Canaux de jeu (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 6.1.0.5 - WildTangent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Explor@ Park (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
H&R Block 2015 1.13 (HKLM-x32\...\{6FCD4000-69BF-4387-96FB-2B278B0D4ED1}) (Version: 1.13 - H&R Block)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
LeapFrog Connect (French) (HKLM-x32\...\UPCShell) (Version: 6.1.1.19530 - LeapFrog)
LeapFrog Connect (x32 Version: 6.1.1.19530 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 6.1.1.19530 - LeapFrog) Hidden
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office « Démarrer en un clic » 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Office Starter 2010 - Français (HKLM-x32\...\{90140011-0066-040C-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 fr) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 fr)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MP4Joiner v2.1.2 (HKLM-x32\...\MP4Joiner_is1) (Version: - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}) (Version: 4.12.9782 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Relevé 24 Version 2012-MF (HKLM-x32\...\Relevé 24 Version 2012 Version Milieu Familial_is1) (Version: - )
Relevé 24 Version 2013-MF (HKLM-x32\...\Relevé 24 Version 2013 Version Milieu Familial_is1) (Version: - )
Relevé 24 Version 2014-MF (HKLM-x32\...\Relevé 24 Version 2014 Version Milieu Familial_is1) (Version: - )
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {116BE369-C3E2-4ACF-B16F-D7BB867F6F54} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {25EDA95A-4AE4-4E93-8CB4-7AADBD906E7E} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {40CB29A8-6E26-4150-9788-3F04A6CE10D9} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {4DDAC371-2FD8-495A-8842-94BAEF186775} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4FCFFE6B-A74E-40CC-A847-4EC84036B978} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4FF0BA5C-1BA8-4B52-B280-F9237A442AD3} - System32\Tasks\SafeZone scheduled Autoupdate 1465307887 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {5AC9029A-A5FF-42C8-9F8B-D0E3276CE7C9} - System32\Tasks\{9DA6A169-A2FA-41D8-B1B6-D334CAA3D2F0} => pcalua.exe -a "C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Task: {6305C233-F05E-40CD-83D1-779581769D66} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-04] (Facebook Inc.)
Task: {6CB038DD-636A-4881-B7CF-D177A79A287F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {79E8D535-7AC4-436A-AD3C-AB6C1B65D6A1} - System32\Tasks\{5DE2E2D5-CDB0-4A9F-891E-5120668A1983} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.73.106.456/fr/go/help.faq.installer?LastError=1618
Task: {7DD06E53-9549-4331-BB0A-6D6E2C14DEEC} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {7E5932C8-FA6F-4D54-A6A9-ADB35FACFAAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {85DB4F51-2494-4B7E-8805-28CDDD0E97C3} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {93331F64-DAF6-4E7E-9026-E66E3A99784F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-27] (Adobe Systems Incorporated)
Task: {98CC6DF4-B4E2-4E06-A24C-9CE23077D375} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {9D9C3B88-7239-4B0F-A114-EA3E58ED0EEF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-04] (Facebook Inc.)
Task: {A23519E5-6B57-4738-AFEF-6C3DB8349AA3} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {B9ED65F4-1934-4AA5-8F59-785B06F63C85} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-07] (AVAST Software)
Task: {BDC98A27-4479-4895-87B4-973C59EE3C00} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO)
Task: {C7D27329-AA88-44B8-920E-2A8D9F25AF61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-27] (Adobe Systems Incorporated)
Task: {CB5177DB-AA28-4053-A7D5-445069118665} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-05-29] (Microsoft Corporation)
Task: {E9643065-3623-4705-80E9-7768E8D8B0E6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {EC6CD308-5F6E-4ABB-BEE1-67EC45B68F9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation)
Task: {EFAD98CC-CDB9-4447-B4CC-80FB77478FAC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-05-29] (Microsoft Corporation)
Task: {F4D8BC0E-7F13-4144-B2C7-A5E5BEB38989} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F7F5F030-281F-47D2-9989-D0998FE3D874} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core.job => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA.job => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

==================== Modules chargés (Avec liste blanche) ==============

2012-11-03 17:18 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2015-01-06 17:35 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-10-13 18:23 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-03 17:21 - 2010-02-04 01:27 - 00672424 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
2014-10-12 21:49 - 2015-03-23 13:43 - 00401280 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2016-06-07 09:53 - 2016-06-07 09:53 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-07 09:47 - 2016-06-07 09:47 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\16060700\algo.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-03 17:21 - 2010-02-04 01:04 - 00380928 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll
2012-11-03 17:21 - 2010-02-04 00:52 - 00589824 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll
2012-11-03 17:21 - 2010-02-04 00:52 - 00073728 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll
2012-11-03 17:21 - 2010-02-04 01:04 - 00782336 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxDRS.dll
2012-11-03 17:21 - 2010-02-04 01:05 - 00081920 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll
2012-11-03 17:21 - 2010-02-04 00:52 - 00069632 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll
2011-08-24 21:03 - 2011-08-24 21:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2012-11-03 17:21 - 2010-02-04 01:02 - 00364544 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\iptk.dll
2012-11-03 17:21 - 2007-09-06 05:11 - 00151552 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxptp.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-16 17:02 - 2014-10-31 17:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-12-16 17:02 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2014-10-12 21:49 - 2014-03-04 07:20 - 00117760 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2014-10-12 21:49 - 2014-04-21 22:14 - 00065536 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll
2014-10-12 21:49 - 2014-05-06 01:39 - 00861184 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll
2014-10-12 21:49 - 2014-05-06 01:38 - 00021504 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll
2014-10-12 21:49 - 2014-05-06 01:38 - 00020992 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll
2014-10-12 21:49 - 2014-05-06 01:38 - 00204800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll
2014-10-12 21:49 - 2014-05-06 06:44 - 00218112 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll
2014-10-12 21:49 - 2014-05-06 01:58 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll
2014-10-12 21:49 - 2014-05-06 06:44 - 00015360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll
2014-10-12 21:49 - 2014-05-06 06:44 - 00307712 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll
2014-10-12 21:49 - 2014-05-06 06:44 - 00014848 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll
2014-10-12 21:49 - 2014-05-06 02:31 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll
2014-10-12 21:49 - 2014-05-06 01:38 - 00036352 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll
2014-10-12 21:49 - 2014-05-06 01:38 - 00038912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2016-05-29 23:11 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-29 23:11 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2011-10-13 17:38 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]

 

[needhelp51]

AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FlyUsb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\Enfants-lettrage2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\entente_services_dynamique.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\FRST64.exe:$CmdZnID [26]

==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2009-07-13 22:34 - 2014-05-31 23:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.69.150.250 - 208.69.150.252
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu is disabled.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Actuellement, il n'y a pas de correction automatique pour cette section.)


==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869
FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900
FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{169C2CCE-9D71-4877-AC67-F9C167B8D0F0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{40568FC8-A3B6-4A37-AA7D-B5C368482A62}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{384BDA83-03FC-4DA2-A2A0-C35753D2F809}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8F3D6905-F581-4331-B6DA-913AEA8DB8F1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{B2A22939-E23E-4006-9798-63D77C326712}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{54DBB9B5-1C85-4D6B-883D-3563BAFA2B1F}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{008DA9DB-506E-4009-B9FF-3908242C07BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05445CCC-06E2-4E35-AD7F-BCDF5E870CCF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{23D09075-C973-43AA-858B-7A4C17A0781D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E3DA6737-5D93-46B0-A626-6F413DA73308}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8C006C5-BD5A-40FC-98B3-0E3D0F6235EE}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{13F8D7A2-8E77-45DA-A4A7-BCEB2B5627AD}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{91F9A524-CBAB-489D-854F-DAA7FC3B1F86}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{CE244355-C11B-48CF-91EE-BC57539E4F1B}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{B983845B-2CE1-4F19-8E91-44AC321E0FB4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{85B68524-E70B-400E-8F9C-530793C13874}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{EB0D8EE0-E5B3-4019-B922-FACF62C46601}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{C28C110B-89D1-40A4-BEE2-01EB778D41F6}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{2084BC90-62DF-45F4-B596-67E1BFD5E8E6}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxlscn.exe
FirewallRules: [{4AA0E4CD-E65C-4E7B-A5D7-40915FF8D4A3}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxlscn.exe
FirewallRules: [TCP Query User{5AA57B40-3449-49C9-B73D-AA1CFD8C650F}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe] => (Block) C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe
FirewallRules: [UDP Query User{2BF6D17C-CC83-4080-A2CB-98BE2D666B2C}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe] => (Block) C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe
FirewallRules: [{90A44C2F-BADF-4E20-A83D-BA5D4F587800}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8E1769DB-83BB-46D5-ABCA-B69BF5649CA1}] => (Allow) C:\Users\Utilisateur\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E02370DC-8CCF-4CB7-89F1-01A6C5BD28CC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{02E1BBC2-1E9F-4FD2-AB41-D03F13827A15}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{424DD0A4-874C-43DC-A29B-9205B2E0653C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1BC162E7-C5E3-43F1-9FAE-B174ADA7C96D}] => (Allow) C:\Users\Utilisateur\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A29D3A15-CF04-4F87-81F9-4CAD08045542}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{95C89E5B-B61B-44E3-AA32-977FCA9E02F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Points de restauration =========================

27-12-2015 14:22:20 Windows Update
28-12-2015 11:38:40 Windows Update
29-12-2015 14:17:33 Windows Update
04-01-2016 14:47:06 Windows Update
06-01-2016 07:52:29 Windows Update
07-01-2016 08:40:25 Windows Update
08-01-2016 07:51:31 Windows Update
09-01-2016 17:33:05 Windows Update
10-01-2016 11:22:50 Windows Update
12-01-2016 09:13:48 Windows Update
13-01-2016 09:16:07 Windows Update
14-01-2016 09:21:46 Windows Update
15-01-2016 14:41:23 Windows Update
15-01-2016 15:08:54 Windows Update
15-01-2016 21:49:46 Windows Update
19-01-2016 08:17:32 Windows Update
20-01-2016 08:17:21 Windows Update
21-01-2016 08:34:59 Windows Update
22-01-2016 07:55:43 Windows Update
24-01-2016 19:45:52 Windows Update
25-01-2016 08:49:55 Windows Update
26-01-2016 12:51:22 Windows Update
27-01-2016 08:44:34 Windows Update
28-01-2016 13:11:53 Windows Update
29-01-2016 07:53:38 Windows Update
01-02-2016 08:00:22 Windows Update
02-02-2016 07:52:51 Windows Update
03-02-2016 08:08:40 Windows Update
04-02-2016 08:46:35 Windows Update
05-02-2016 07:54:46 Windows Update
08-02-2016 10:56:44 Windows Update
12-02-2016 07:56:33 Windows Update
15-02-2016 00:06:05 Windows Update
17-02-2016 07:57:54 Windows Update
20-02-2016 14:09:50 Windows Update
26-02-2016 11:21:21 Windows Update
29-02-2016 08:15:21 Windows Update
14-03-2016 13:03:18 Windows Update
14-03-2016 14:08:24 Windows Update
01-04-2016 09:47:16 Windows Update
01-04-2016 10:41:07 Windows Update
11-04-2016 09:28:12 Windows Update
11-04-2016 09:38:51 Installed H&R Block 2015 1.13
18-04-2016 10:48:45 Windows Update
27-05-2016 09:54:05 Windows Update
29-05-2016 23:17:51 Windows Update

==================== Éléments en erreur du Gestionnaire de périphériques =============


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisEventCisEvent//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

Error: (06/07/2016 10:23:58 AM) (Source: WinMgmt) (EventID: 24) (User: )
Description: SELECT * FROM CisStatusChangeCisStatusChange//./root/cis


Erreurs système:
=============
Error: (06/07/2016 10:23:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Le service Client Virtualization Handler dépend du service Application Virtualization Client qui n’a pas pu démarrer en raison de l’erreur :
%%1053

Error: (06/07/2016 10:23:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Application Virtualization Client n’a pas pu démarrer en raison de l’erreur :
%%1053

Error: (06/07/2016 10:23:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Application Virtualization Client.

Error: (06/07/2016 10:21:24 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Le service Windows Update ne s’est pas fermé correctement après avoir reçu une commande d’anticipation de fermeture.

Error: (06/07/2016 10:01:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Modules de génération de clés IKE et AuthIP, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/07/2016 10:01:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Planificateur de classes multimédias, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/07/2016 10:01:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Service de profil utilisateur, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/07/2016 10:01:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Infrastructure de gestion Windows, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/07/2016 10:01:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Serveur, mais cette action a échoué en raison de l’erreur suivante :
%%1056

Error: (06/07/2016 10:01:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service AvastVBox COM Service n’a pas pu démarrer en raison de l’erreur :
%%1053


CodeIntegrity:
===================================
Date: 2014-05-31 23:08:13.611
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Your_name\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2014-05-31 23:08:13.502
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Your_name\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Pourcentage de mémoire utilisée: 37%
Mémoire physique - RAM - totale: 5995.86 MB
Mémoire physique - RAM - disponible: 3741.19 MB
Mémoire virtuelle totale: 11989.93 MB
Mémoire virtuelle disponible: 9655.08 MB

==================== Lecteurs ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:275.56 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 37E1A04C)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

==================== Fin de Addition.txt ============================

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[needhelp51]

Hello thanks for your help. Here are the requested logs.

RogueKiller:

RogueKiller V12.3.2.0 [Jun 6 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Utilisateur [Administrateur]
Démarré depuis : C:\Users\Utilisateur\Desktop\RogueKiller.exe
Mode : Suppression -- Date : 06/07/2016 22:25:39

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 8 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\LookSafe -> Supprimé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | DelaypluginInstall : C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [x][x][x] -> Supprimé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{809B5500-7F35-4BE2-AB1C-7BB6D860B9D8} | NameServer : 208.69.150.250,208.69.150.252 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACDB5D04-4B87-42EC-BE5B-94310838736B} | NameServer : 208.69.150.250,208.69.150.252 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{809B5500-7F35-4BE2-AB1C-7BB6D860B9D8} | NameServer : 208.69.150.250,208.69.150.252 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACDB5D04-4B87-42EC-BE5B-94310838736B} | NameServer : 208.69.150.250,208.69.150.252 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{809B5500-7F35-4BE2-AB1C-7BB6D860B9D8} | NameServer : 208.69.150.250,208.69.150.252 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACDB5D04-4B87-42EC-BE5B-94310838736B} | NameServer : 208.69.150.250,208.69.150.252 ([X][X]) -> Remplacé(e) ()

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000036b]) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP][FIREFX:Addon] im9xbt9s.default : PrivDog [PrivDog@AdTrustMedia.com] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] 378e7217e5b8d5965a86129df3f8207d
[BSP] e2ce97b8454da17f932da48b60c8c723 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 462502 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

[needhelp51]

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 07/06/2016
Heure de l'analyse: 22:31
Fichier journal: Rapport MBAM.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.06.08.01
Base de données de rootkits: v2016.05.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Utilisateur

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 312095
Temps écoulé: 22 min, 27 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Avertir
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 2
PUP.Optional.WebWatcher, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCE1662E-06F1-413D-80CB-33D456D1CFCB}, En quarantaine, [463b3dbd623778be4cbf2f5560a2ed13],
PUP.Optional.WebWatcher, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{FCE1662E-06F1-413D-80CB-33D456D1CFCB}, En quarantaine, [463b3dbd623778be4cbf2f5560a2ed13],

Valeurs du Registre: 0
(Aucun élément malveillant détecté)

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 1
PUP.Optional.LookSafeUtility, C:\Program Files (x86)\LookSafe Utility, En quarantaine, [e1a003f723768fa76353ffa7f60c3cc4],

Fichiers: 0
(Aucun élément malveillant détecté)

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)

 

[needhelp51]

AdwCleaner Scan log (S1):

# AdwCleaner v5.119 - Rapport créé le 07/06/2016 à 23:02:34
# Mis à jour le 30/05/2016 par Xplode
# Base de données : 2016-06-07.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (X64)
# Nom d'utilisateur : Utilisateur - UTILISATEUR-PC
# Exécuté depuis : C:\Users\Utilisateur\Desktop\adwcleaner_5.119.exe
# Option : Scanner
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Dossiers ] *****

Dossier trouvé : C:\Users\Utilisateur\AppData\Local\AdTrustMedia
Dossier trouvé : C:\Users\Utilisateur\AppData\Local\DownloadManager
Dossier trouvé : C:\Program Files\AdTrustMedia

***** [ Fichiers ] *****

Fichier trouvé : C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****

Clé trouvée : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Clé trouvée : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Clé trouvée : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Clé trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Navigateurs ] *****

[C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] trouvée : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.70\",\"d\":\"032414\"},\"h\":{\"pogo.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/connect\\\\.facebook\\\\.net\\\\/en_US\\\\/all\\\\.js$/I\"]}]}[...]
[C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] trouvée : user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"I\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawin.com\",\"bs.quadrosystem[...]
[C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] trouvée : user_pref("extensions.trusted-ads.list_api", "{\"r\":[\"hxxp://24x7homesecurity.com/\",\"hxxp://8tracks.com/\",\"hxxp://a1supplements.com/\",\"hxxp://aactionair.net/\",\"hxxp://abcnews.go.com/\",\"htt[...]
[C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] trouvée : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.72\",\"d\":\"061714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con[...]
[C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] trouvée : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de[...]

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2972 octets] - [07/06/2016 23:02:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3046 octets] ##########

 

[needhelp51]

AdWCleaner Clean Log (C1):

# AdwCleaner v5.119 - Rapport créé le 07/06/2016 à 23:04:35
# Mis à jour le 30/05/2016 par Xplode
# Base de données : 2016-06-07.1 [Serveur]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (X64)
# Nom d'utilisateur : Utilisateur - UTILISATEUR-PC
# Exécuté depuis : C:\Users\Utilisateur\Desktop\adwcleaner_5.119.exe
# Option : Nettoyer
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Dossiers ] *****

[-] Dossier supprimé : C:\Users\Utilisateur\AppData\Local\AdTrustMedia
[-] Dossier supprimé : C:\Users\Utilisateur\AppData\Local\DownloadManager
[-] Dossier supprimé : C:\Program Files\AdTrustMedia

***** [ Fichiers ] *****

[-] Fichier supprimé : C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Raccourcis ] *****


***** [ Tâches planifiées ] *****


***** [ Registre ] *****

[-] Clé supprimée : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Clé supprimée : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
[-] Clé supprimée : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
[-] Clé supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Navigateurs ] *****

[-] [C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] supprimée : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.70\",\"d\":\"032414\"},\"h\":{\"pogo.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/connect\\\\.facebook\\\\.net\\\\/en_US\\\\/all\\\\.js$/I\"]}]}[...]
[-] [C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] supprimée : user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"I\":\"1\",\"s\":[\"display.clickpoint.com\",\"www.africawin.com\",\"bs.quadrosystem[...]
[-] [C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] supprimée : user_pref("extensions.trusted-ads.list_api", "{\"r\":[\"hxxp://24x7homesecurity.com/\",\"hxxp://8tracks.com/\",\"hxxp://a1supplements.com/\",\"hxxp://aactionair.net/\",\"hxxp://abcnews.go.com/\",\"htt[...]
[-] [C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] supprimée : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.72\",\"d\":\"061714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con[...]
[-] [C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\prefs.js] supprimée : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de[...]

*************************

:: Clés "Tracing" supprimées
:: Paramètres Winsock réinitialisés

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3155 octets] - [07/06/2016 23:04:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [3126 octets] - [07/06/2016 23:02:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3303 octets] ##########

 

[needhelp51]

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Utilisateur (Administrator) on 07/06/2016 at 23:10:21.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 60

Successfully deleted: C:\Users\Utilisateur\AppData\Local\{0F127DA8-7D68-41E0-B411-9CB4BB03A755} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{18B36ED0-4D57-4EAE-9FC1-EE0D821D2316} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{308F8652-0960-4363-9F75-175A7D6739F2} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{39362E73-DBC7-4999-8A50-6384BD4669DD} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{3FEB281D-C2DF-49C8-BCC2-50C1A57809EE} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{47965BF3-C857-4E6A-B3CF-0F17626B209F} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{66E84805-8DD6-4B90-85E2-647686D7EB1C} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{7D844192-3E41-404D-BC58-3884946AA9F9} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{A957994A-C289-4316-AF83-EF353886C652} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{CF3C155C-7374-468C-A71B-65B37E687452} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{D401862E-31E0-4A1C-A921-901974152C08} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{E2E1BC02-DAD7-4378-8B95-9693E6FBECD1} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{E7FCCDD0-7278-4602-B57F-61766B1F67D5} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\{FC3E4097-2BEE-43AA-8F6E-47E6C146C2F0} (Empty Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\143ICM8G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I3QEQMI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YV35FR1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KIAYXR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE8N90T8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWUJ78J6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2D8IJHZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAM0NQP8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK67Q67M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSXSI0B4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXB6RZZQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\143ICM8G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I3QEQMI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YV35FR1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9KIAYXR2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE8N90T8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWUJ78J6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2D8IJHZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAM0NQP8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VK67Q67M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VSXSI0B4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VXB6RZZQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho16E9.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho2E46.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho335C.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho34DE.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho416D.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho4778.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho7080.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8070.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho90AB.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho9420.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho9624.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoA1CA.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoD5D5.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoE16E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoE782.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoFB0D.tmp (File)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A616DDE2FA4E903E4B22BA1CBF106F1F (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/06/2016 at 23:29:52.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[needhelp51]

Combofix completed alright. I got a warnng however that part of Comodo was still active even if it was disabled and even eventually closed.

Here is the log:

ComboFix 16-06-01.01 - Utilisateur 08/06/2016 21:35:06.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.1.1036.18.5996.2665 [GMT -4:00]
Lancé depuis: c:\users\Utilisateur\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-05-09 au 2016-06-09 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-09 01:53 . 2016-06-09 01:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-06-09 01:53 . 2016-06-09 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-09 01:53 . 2016-06-09 01:53 -------- d-----w- C:\9278d662fda99abc2a73ea
2016-06-09 01:46 . 2016-06-09 01:46 -------- d-----w- c:\users\Utilisateur\AppData\Local\TempTaskUpdateDetectionEAC6B1A4-D197-482B-9DA4-D69FC6951692
2016-06-08 03:58 . 2016-06-08 03:58 -------- d-----w- c:\windows\SysWow64\vbox
2016-06-08 03:58 . 2016-06-08 03:58 -------- d-----w- c:\windows\system32\vbox
2016-06-08 03:18 . 2016-06-08 03:18 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{742829E5-99DD-4F8B-8814-AAC7B9A0ECB7}\offreg.4504.dll
2016-06-08 03:02 . 2016-06-08 03:04 -------- d-----w- C:\AdwCleaner
2016-06-08 02:12 . 2016-06-08 02:12 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-06-07 14:18 . 2016-06-07 14:30 -------- d-----w- C:\FRST
2016-06-07 13:54 . 2016-06-07 13:52 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-06-07 13:54 . 2016-06-07 13:52 161760 ----a-w- c:\windows\system32\drivers\ngvss.sys
2016-06-07 13:53 . 2016-06-07 13:53 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-06-07 13:53 . 2016-06-07 13:53 52184 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-09 01:27 . 2012-07-28 07:05 139319312 ----a-w- c:\windows\system32\MRT.exe
2016-06-08 02:30 . 2014-05-31 01:42 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-08 02:29 . 2014-05-31 01:41 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-08 02:29 . 2014-05-31 01:41 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-08 02:29 . 2013-03-16 15:31 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-06-07 13:53 . 2014-06-01 03:20 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-06-07 13:53 . 2014-06-01 03:20 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-06-07 13:53 . 2013-07-10 23:23 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-06-07 13:53 . 2013-07-10 23:23 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-06-07 13:53 . 2012-08-25 00:52 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-06-07 13:53 . 2012-08-25 00:52 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-06-07 13:53 . 2012-08-25 00:52 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-06-07 13:52 . 2012-08-25 00:52 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-27 13:24 . 2013-07-12 01:19 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-27 13:24 . 2013-07-12 01:19 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-27 21:09 . 2013-01-16 23:51 116248 ----a-w- c:\windows\system32\drivers\inspect.sys
2016-04-27 21:09 . 2013-01-16 23:51 56472 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2016-04-27 21:08 . 2013-01-16 23:51 829608 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2016-04-27 21:08 . 2013-01-16 23:51 31648 ----a-w- c:\windows\system32\drivers\cmderd.sys
2016-04-27 21:05 . 2013-01-25 02:43 51800 ----a-w- c:\windows\system32\cmdcsr.dll
2016-04-27 21:04 . 2013-01-25 02:43 461648 ----a-w- c:\windows\SysWow64\guard32.dll
2016-04-27 21:04 . 2013-01-25 02:43 596232 ----a-w- c:\windows\system32\guard64.dll
2016-04-27 21:00 . 2013-01-25 02:42 365752 ----a-w- c:\windows\system32\cmdvrt64.dll
2016-04-27 20:58 . 2013-01-25 02:42 51896 ----a-w- c:\windows\system32\cmdkbd64.dll
2016-04-27 20:55 . 2013-01-25 02:42 296120 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2016-04-27 20:53 . 2013-01-25 02:42 46776 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2016-04-12 15:23 . 2015-01-06 21:52 642336 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-04-11 13:41 . 2016-04-11 13:41 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-04-11 13:41 . 2016-04-11 13:41 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-04-11 13:41 . 2016-04-11 13:41 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-04-11 13:41 . 2016-04-11 13:41 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-04-11 13:41 . 2016-04-11 13:41 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-04-11 13:41 . 2016-04-11 13:41 718336 ----a-w- c:\windows\system32\ie4uinit.exe
2016-04-11 13:41 . 2016-04-11 13:41 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-04-11 13:41 . 2016-04-11 13:41 496640 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-04-11 13:41 . 2016-04-11 13:41 107520 ----a-w- c:\windows\system32\inseng.dll
2016-04-11 13:41 . 2016-04-11 13:41 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-11 13:41 . 2016-04-11 13:41 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-04-11 13:41 . 2016-04-11 13:41 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-04-11 13:41 . 2016-04-11 13:41 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-04-11 13:41 . 2016-04-11 13:41 387792 ----a-w- c:\windows\system32\iedkcs32.dll
2016-04-11 13:41 . 2016-04-11 13:41 2050560 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-04-11 13:41 . 2016-04-11 13:41 1546752 ----a-w- c:\windows\system32\urlmon.dll
2016-04-11 13:41 . 2016-04-11 13:41 152064 ----a-w- c:\windows\system32\occache.dll
2016-04-11 13:41 . 2016-04-11 13:41 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-04-11 13:41 . 2016-04-11 13:41 798720 ----a-w- c:\windows\system32\msfeeds.dll
2016-04-11 13:41 . 2016-04-11 13:41 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-04-11 13:41 . 2016-04-11 13:41 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-04-11 13:41 . 2016-04-11 13:41 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-04-11 13:41 . 2016-04-11 13:41 2123264 ----a-w- c:\windows\system32\inetcpl.cpl
2016-04-11 13:41 . 2016-04-11 13:41 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-04-11 13:41 . 2016-04-11 13:41 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-04-11 13:41 . 2016-04-11 13:41 571904 ----a-w- c:\windows\system32\vbscript.dll
2016-04-11 13:41 . 2016-04-11 13:41 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-04-11 13:41 . 2016-04-11 13:41 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-04-11 13:41 . 2016-04-11 13:41 4611072 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-04-11 13:41 . 2016-04-11 13:41 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-04-11 13:41 . 2016-04-11 13:41 615936 ----a-w- c:\windows\system32\ieui.dll
2016-04-11 13:41 . 2016-04-11 13:41 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-04-11 13:41 . 2016-04-11 13:41 14613504 ----a-w- c:\windows\system32\ieframe.dll
2016-04-11 13:41 . 2016-04-11 13:41 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-04-11 13:41 . 2016-04-11 13:41 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-04-11 13:41 . 2016-04-11 13:41 817664 ----a-w- c:\windows\system32\jscript.dll
2016-04-11 13:41 . 2016-04-11 13:41 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-04-11 13:41 . 2016-04-11 13:41 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-04-11 13:41 . 2016-04-11 13:41 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-04-11 13:41 . 2016-04-11 13:41 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-04-11 13:41 . 2016-04-11 13:41 2597376 ----a-w- c:\windows\system32\wininet.dll
2016-04-11 13:41 . 2016-04-11 13:41 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-04-11 13:41 . 2016-04-11 13:41 25816576 ----a-w- c:\windows\system32\mshtml.dll
2016-04-11 13:41 . 2016-04-11 13:41 199680 ----a-w- c:\windows\system32\msrating.dll
2016-04-11 13:38 . 2016-04-11 13:38 381440 ----a-w- c:\windows\system32\mfds.dll
2016-04-11 13:38 . 2016-04-11 13:38 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-04-11 13:37 . 2016-04-11 13:37 5572032 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-04-11 13:37 . 2016-04-11 13:37 1733592 ----a-w- c:\windows\system32\ntdll.dll
2016-04-11 13:37 . 2016-04-11 13:37 422400 ----a-w- c:\windows\system32\KernelBase.dll
2016-04-11 13:37 . 2016-04-11 13:37 1314328 ----a-w- c:\windows\SysWow64\ntdll.dll
2016-04-11 13:37 . 2016-04-11 13:37 730112 ----a-w- c:\windows\system32\kerberos.dll
2016-04-11 13:37 . 2016-04-11 13:37 3938240 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2016-04-11 13:37 . 2016-04-11 13:37 3994560 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2016-04-11 13:37 . 2016-04-11 13:37 1163264 ----a-w- c:\windows\system32\kernel32.dll
2016-04-11 13:37 . 2016-04-11 13:37 880128 ----a-w- c:\windows\system32\advapi32.dll
2016-04-11 13:37 . 2016-04-11 13:37 642560 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-04-11 13:37 . 2016-04-11 13:37 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-04-11 13:37 . 2016-04-11 13:37 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-04-11 13:37 . 2016-04-11 13:37 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
2016-04-11 13:37 . 2016-04-11 13:37 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-04-11 13:37 . 2016-04-11 13:37 1461248 ----a-w- c:\windows\system32\lsasrv.dll
2016-04-11 13:36 . 2016-04-11 13:36 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2016-04-11 13:36 . 2016-04-11 13:36 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-04-11 13:36 . 2016-04-11 13:36 344064 ----a-w- c:\windows\system32\schannel.dll
2016-04-11 13:36 . 2016-04-11 13:36 159232 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-04-11 13:36 . 2016-04-11 13:36 112640 ----a-w- c:\windows\system32\smss.exe
2016-04-11 13:36 . 2016-04-11 13:36 315392 ----a-w- c:\windows\system32\msv1_0.dll
2016-04-11 13:36 . 2016-04-11 13:36 290816 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-04-11 13:36 . 2016-04-11 13:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-04-11 13:36 . 2016-04-11 13:36 503808 ----a-w- c:\windows\system32\srcore.dll
2016-04-11 13:36 . 2016-04-11 13:36 362496 ----a-w- c:\windows\system32\wow64win.dll
2016-04-11 13:36 . 2016-04-11 13:36 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-04-11 13:36 . 2016-04-11 13:36 86528 ----a-w- c:\windows\system32\TSpkg.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-01-06 22:11 233128 ----a-w- c:\users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-01-06 22:11 233128 ----a-w- c:\users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-01-06 22:11 233128 ----a-w- c:\users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-03-27 1098072]
"GoogleChromeAutoLaunch_A616DDE2FA4E903E4B22BA1CBF106F1F"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-05-30 881304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-07 7400064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"iSkysoft Helper Compact.exe"="c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-10-31 2066432]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2015-03-23 401280]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2015-05-11 124536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2015-06-15 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Service Démarrer en clic Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe;c:\windows\SYSNATIVE\lxdxcoms.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-30 03:10 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 13:24]
.
2016-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core.job
- c:\users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-04 23:36]
.
2016-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA.job
- c:\users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-04 23:36]
.
2016-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 16:59]
.
2016-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-12 16:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-01-06 22:11 260776 ----a-w- c:\users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-01-06 22:11 260776 ----a-w- c:\users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-01-06 22:11 260776 ----a-w- c:\users\Utilisateur\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-05-30 02:44 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-05-30 02:44 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-05-30 02:44 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-06-07 13:53 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-01-26 368728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2016-06-07 1610936]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://qc.yahoo.com?fr=fp-comodo
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - prefs.js: keyword.URL - hxxp://qc.search.yahoo.com/search?fr=ytff-comodo&p=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PrivDog - c:\program files (x86)\AdTrustMedia\PrivDog\UninstallTrustedAds.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Heure de fin: 2016-06-08 22:04:30
ComboFix-quarantined-files.txt 2016-06-09 02:04
.
Avant-CF: 293 961 248 768 octets libres
Après-CF: 296 354 869 248 octets libres
.
- - End Of File - - FA94161A76D1380E8B79E0E545134B01

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[needhelp51]

Oh Darn, windows seems to haven chosen this precise moment to install 'important updates', I am prompted to reboot to finish them. I have reported them 4 hours for now.

Here are the logs:

FRST

Résultats d'analyse de Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2016
Exécuté par Utilisateur (administrateur) sur UTILISATEUR-PC (08-06-2016 22:54:02)
Exécuté depuis C:\Users\Utilisateur\Desktop
Profils chargés: Utilisateur (Profils disponibles: Utilisateur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Langue: Français (France)
Internet Explorer Version 11 (Navigateur par défaut: Chrome)
Mode d'amorçage: Normal
Tutoriel pour Farbar Recovery Scan Tool:

==================== Processus (Avec liste blanche) =================

(Si un élément est inclus dans le fichier fixlist.txt, le processus sera arrêté. Le fichier ne sera pas déplacé.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
( ) C:\Windows\System32\lxdxcoms.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp46-kb3143693-x64.exe
(Microsoft Corporation) C:\9a800d8a5c2281264ce6fb\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registre (Avec liste blanche) ===========================

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé. Le fichier ne sera pas déplacé.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-01-26] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [lxdxmon.exe] => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-06-07] (COMODO)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-07] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2015-03-23] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-05-11] (LeapFrog Enterprises, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\...\Run: [GoogleChromeAutoLaunch_A616DDE2FA4E903E4B22BA1CBF106F1F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-05-29] (Google Inc.)
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-07] (AVAST Software)

==================== Internet (Avec liste blanche) ====================

(Si un élément est inclus dans le fichier fixlist.txt, s'il s'agit d'un élément du Registre, il sera supprimé ou restauré à la valeur par défaut.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{809B5500-7F35-4BE2-AB1C-7BB6D860B9D8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qc.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://qc.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3561402276-1669811274-1820601791-1000 -> {A8527447-EB8E-4873-ABB3-8A5429FAD7D0} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-07] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-29] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-07] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: WSISVCUchrome - Pas de valeur CLSID

FireFox:
========
FF ProfilePath: C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\im9xbt9s.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.google.ca
FF Keyword.URL: hxxp://qc.search.yahoo.com/search?fr=ytff-comodo&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Pas de fichier]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-01-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2014-11-19] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3561402276-1669811274-1820601791-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Utilisateur\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Recherche Google) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs hors connexion) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-07]
CHR Extension: (Avast Online Security) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-07]
CHR Extension: (Bouton Pin It) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-25]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-07]

==================== Services (Avec liste blanche) ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-07] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5570272 2016-06-07] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-29] (Microsoft Corporation)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817200 2016-06-07] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-06-07] (COMODO)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-07] (WildTangent)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2015-05-11] (LeapFrog Enterprises, Inc.) [Fichier non signé]
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2010-02-04] ( )
R2 lxdx_device; C:\Windows\SysWOW64\lxdxcoms.exe [589824 2010-02-04] ( )
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Pilotes (Avec liste blanche) ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-07] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-07] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-04-27] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829608 2016-04-27] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-04-27] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2015-05-11] (LeapFrog)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-27] (COMODO)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [161760 2016-06-07] (AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-07] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [323392 2016-06-07] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Un mois - Créés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-08 22:53 - 2016-06-08 22:54 - 00000000 ____D C:\9a800d8a5c2281264ce6fb
2016-06-08 22:04 - 2016-06-08 22:04 - 00034934 _____ C:\ComboFix.txt
2016-06-08 21:31 - 2016-06-08 21:27 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00256000 _____ C:\Windows\PEV.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00208896 _____ C:\Windows\MBR.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00098816 _____ C:\Windows\sed.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00080412 _____ C:\Windows\grep.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00068096 _____ C:\Windows\zip.exe
2016-06-08 21:31 - 2016-06-08 21:27 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-08 21:28 - 2016-06-08 22:04 - 00000000 ____D C:\Qoobox
2016-06-08 21:23 - 2016-06-08 21:23 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Utilisateur\Downloads\iExplore.exe
2016-06-08 21:23 - 2016-06-08 21:23 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Utilisateur\Downloads\iExplore (1).exe
2016-06-08 21:23 - 2016-06-08 21:23 - 00001511 _____ C:\Users\Utilisateur\Desktop\iExplore.exe - Raccourci.lnk
2016-06-08 21:21 - 2016-06-08 21:22 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Utilisateur\Desktop\rkill.exe
2016-06-08 21:18 - 2016-06-08 21:19 - 05659224 ____R (Swearware) C:\Users\Utilisateur\Desktop\ComboFix.exe
2016-06-07 23:58 - 2016-06-07 23:58 - 00000000 ____D C:\Windows\SysWOW64\vbox
2016-06-07 23:58 - 2016-06-07 23:58 - 00000000 ____D C:\Windows\system32\vbox
2016-06-07 23:29 - 2016-06-07 23:29 - 00008428 _____ C:\Users\Utilisateur\Desktop\JRT.txt
2016-06-07 23:08 - 2016-06-07 23:04 - 00003383 _____ C:\Users\Utilisateur\Desktop\AdwCleaner[C1].txt
2016-06-07 23:08 - 2016-06-07 23:04 - 00003126 _____ C:\Users\Utilisateur\Desktop\AdwCleaner[S1].txt
2016-06-07 23:02 - 2016-06-07 23:04 - 00000000 ____D C:\AdwCleaner
2016-06-07 22:59 - 2016-06-07 23:00 - 01610816 _____ (Malwarebytes) C:\Users\Utilisateur\Desktop\JRT.exe
2016-06-07 22:59 - 2016-06-07 22:59 - 03677248 _____ C:\Users\Utilisateur\Desktop\adwcleaner_5.119.exe
2016-06-07 22:57 - 2016-06-07 22:57 - 00001674 _____ C:\Users\Utilisateur\Desktop\Rapport MBAM.txt
2016-06-07 22:26 - 2016-06-07 22:26 - 00005862 _____ C:\Users\Utilisateur\Desktop\RapportRogue.txt
2016-06-07 22:12 - 2016-06-07 22:12 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-07 22:06 - 2016-06-07 22:06 - 19906632 _____ C:\Users\Utilisateur\Desktop\RogueKiller.exe
2016-06-07 20:59 - 2016-06-08 21:18 - 00004251 _____ C:\Users\Utilisateur\Desktop\Nouveau document texte.txt
2016-06-07 10:28 - 2016-06-07 10:30 - 00078644 _____ C:\Users\Utilisateur\Desktop\Addition.txt
2016-06-07 10:26 - 2016-06-08 22:54 - 00021853 _____ C:\Users\Utilisateur\Desktop\FRST.txt
2016-06-07 10:18 - 2016-06-08 22:53 - 00000000 ____D C:\FRST
2016-06-07 09:58 - 2016-06-07 09:58 - 00003928 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1465307887
2016-06-07 09:58 - 2016-06-07 09:58 - 00001041 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-06-07 09:58 - 2016-06-07 09:58 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-06-07 09:55 - 2016-06-07 09:55 - 00001926 _____ C:\Users\Public\Desktop\Avast Antivirus Gratuit.lnk
2016-06-07 09:54 - 2016-06-07 09:52 - 00161760 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-06-07 09:54 - 2016-06-07 09:52 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-07 09:53 - 2016-06-07 09:53 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-06-07 09:53 - 2016-06-07 09:53 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-07 09:51 - 2016-06-07 09:52 - 02385408 _____ (Farbar) C:\Users\Utilisateur\Desktop\FRST64.exe
2016-05-27 09:21 - 2016-06-07 22:13 - 00000000 ____D C:\Users\Utilisateur\Desktop\Documents (COMPLET)

==================== Un mois - Modifiés - fichiers et dossiers ========

(Si un élément est inclus dans le fichier fixlist.txt, le fichier/dossier sera déplacé.)

2016-06-08 22:52 - 2013-07-11 21:26 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 22:52 - 2013-07-11 21:19 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-08 22:52 - 2012-12-07 13:50 - 01926064 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-08 22:52 - 2012-03-25 08:22 - 00914660 _____ C:\Windows\system32\perfh00C.dat
2016-06-08 22:52 - 2012-03-25 08:22 - 00208768 _____ C:\Windows\system32\perfc00C.dat
2016-06-08 22:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-08 22:05 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-08 22:05 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-08 21:57 - 2009-07-14 01:13 - 01873710 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-08 21:55 - 2012-08-24 20:52 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-06-08 21:55 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-06-08 21:47 - 2013-07-11 21:32 - 00000000 ____D C:\Windows\system32\MRT
2016-06-08 21:41 - 2013-11-04 19:36 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA.job
2016-06-08 21:27 - 2012-07-28 03:05 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-08 21:27 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2016-06-08 21:26 - 2013-11-04 19:36 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core.job
2016-06-07 23:09 - 2013-07-11 21:26 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 23:07 - 2012-07-28 02:35 - 00000000 ____D C:\ProgramData\clear.fi
2016-06-07 23:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-07 23:05 - 2014-05-30 21:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-07 22:30 - 2014-05-30 21:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-07 22:29 - 2014-05-30 21:41 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-07 22:29 - 2014-05-30 21:41 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-07 22:29 - 2014-05-30 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-07 22:29 - 2013-03-16 11:31 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-07 22:29 - 2013-03-16 11:31 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-07 22:26 - 2014-05-31 21:57 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-07 13:45 - 2013-07-10 19:30 - 00005836 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-06-07 13:45 - 2009-07-14 01:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-07 13:44 - 2013-03-16 12:39 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-06-07 09:53 - 2014-05-31 23:20 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-06-07 09:53 - 2014-05-31 23:20 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-07 09:53 - 2013-07-10 19:23 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-06-07 09:53 - 2013-07-10 19:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-06-07 09:53 - 2012-08-24 20:52 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-06-07 09:53 - 2012-08-24 20:52 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-06-07 09:53 - 2012-08-24 20:52 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-06-07 09:53 - 2012-08-24 20:51 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-07 09:52 - 2012-08-24 20:52 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-06-07 09:52 - 2012-08-24 20:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-06-02 22:45 - 2014-06-01 21:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-29 23:11 - 2013-07-11 21:28 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-29 23:11 - 2013-07-11 21:28 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-29 23:04 - 2013-07-11 21:26 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-29 23:04 - 2013-07-11 21:26 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-29 22:47 - 2015-01-06 17:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-29 22:45 - 2015-01-06 17:35 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-27 09:31 - 2014-12-16 17:05 - 00000000 ____D C:\Users\Utilisateur\Documents\iSkysoft Video Converter Ultimate
2016-05-27 09:24 - 2015-01-03 14:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-27 09:24 - 2013-07-11 21:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-27 09:24 - 2013-07-11 21:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-27 09:24 - 2013-07-11 21:19 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-27 09:12 - 2009-07-14 00:45 - 00464320 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Fichiers à la racine de certains dossiers =======

2013-11-06 11:44 - 2013-11-06 11:44 - 0000066 _____ () C:\Users\Utilisateur\AppData\Roaming\mbam.context.scan
2012-03-25 07:47 - 2012-03-25 07:49 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-11-04 20:06 - 2012-11-04 20:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-01-02 15:19 - 2015-01-02 15:19 - 0000178 _____ () C:\ProgramData\lxdx.log

==================== Bamital & volsnap =================

(Il n'y a pas de correction automatique pour les fichiers qui ne satisfont pas à la vérification.)

C:\Windows\system32\winlogon.exe => Le fichier est signé numériquement
C:\Windows\system32\wininit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\wininit.exe => Le fichier est signé numériquement
C:\Windows\explorer.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\explorer.exe => Le fichier est signé numériquement
C:\Windows\system32\svchost.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\svchost.exe => Le fichier est signé numériquement
C:\Windows\system32\services.exe => Le fichier est signé numériquement
C:\Windows\system32\User32.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\User32.dll => Le fichier est signé numériquement
C:\Windows\system32\userinit.exe => Le fichier est signé numériquement
C:\Windows\SysWOW64\userinit.exe => Le fichier est signé numériquement
C:\Windows\system32\rpcss.dll => Le fichier est signé numériquement
C:\Windows\system32\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\SysWOW64\dnsapi.dll => Le fichier est signé numériquement
C:\Windows\system32\Drivers\volsnap.sys => Le fichier est signé numériquement


LastRegBack: 2016-01-11 14:58

==================== Fin de FRST.txt ============================

 

[needhelp51]

ADDITION PART 1:

Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version:06-06-2016
Exécuté par Utilisateur (2016-06-08 22:54:41)
Exécuté depuis C:\Users\Utilisateur\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-28 06:02:47)
Mode d'amorçage: Normal
==========================================================


==================== Comptes: =============================

Administrateur (S-1-5-21-3561402276-1669811274-1820601791-500 - Administrator - Disabled)
Invité (S-1-5-21-3561402276-1669811274-1820601791-501 - Limited - Disabled)
Utilisateur (S-1-5-21-3561402276-1669811274-1820601791-1000 - Administrator - Enabled) => C:\Users\Utilisateur

==================== Centre de sécurité ========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Disabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Programmes installés ======================

(Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Avast Antivirus Gratuit (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Canaux de jeu (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 6.1.0.5 - WildTangent, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Explor@ Park (HKLM-x32\...\VTechDownloadManager) (Version: - VTech)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
H&R Block 2015 1.13 (HKLM-x32\...\{6FCD4000-69BF-4387-96FB-2B278B0D4ED1}) (Version: 1.13 - H&R Block)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
LeapFrog Connect (French) (HKLM-x32\...\UPCShell) (Version: 6.1.1.19530 - LeapFrog)
LeapFrog Connect (x32 Version: 6.1.1.19530 - LeapFrog) Hidden
LeapFrog Tag Junior Plugin (x32 Version: 6.1.1.19530 - LeapFrog) Hidden
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office « Démarrer en un clic » 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Office Starter 2010 - Français (HKLM-x32\...\{90140011-0066-040C-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 fr) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 fr)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MP4Joiner v2.1.2 (HKLM-x32\...\MP4Joiner_is1) (Version: - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}) (Version: 4.12.9782 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Relevé 24 Version 2012-MF (HKLM-x32\...\Relevé 24 Version 2012 Version Milieu Familial_is1) (Version: - )
Relevé 24 Version 2013-MF (HKLM-x32\...\Relevé 24 Version 2013 Version Milieu Familial_is1) (Version: - )
Relevé 24 Version 2014-MF (HKLM-x32\...\Relevé 24 Version 2014 Version Milieu Familial_is1) (Version: - )
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin) (HKLM-x32\...\TagJuniorPlugin) (Version: - LeapFrog)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Personnalisé CLSID (Avec liste blanche): ==========================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)


==================== Tâches planifiées (Avec liste blanche) =============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

Task: {116BE369-C3E2-4ACF-B16F-D7BB867F6F54} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {25EDA95A-4AE4-4E93-8CB4-7AADBD906E7E} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {40CB29A8-6E26-4150-9788-3F04A6CE10D9} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {4DDAC371-2FD8-495A-8842-94BAEF186775} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4FCFFE6B-A74E-40CC-A847-4EC84036B978} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4FF0BA5C-1BA8-4B52-B280-F9237A442AD3} - System32\Tasks\SafeZone scheduled Autoupdate 1465307887 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {5AC9029A-A5FF-42C8-9F8B-D0E3276CE7C9} - System32\Tasks\{9DA6A169-A2FA-41D8-B1B6-D334CAA3D2F0} => pcalua.exe -a "C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Task: {6305C233-F05E-40CD-83D1-779581769D66} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-04] (Facebook Inc.)
Task: {6CB038DD-636A-4881-B7CF-D177A79A287F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {79E8D535-7AC4-436A-AD3C-AB6C1B65D6A1} - System32\Tasks\{5DE2E2D5-CDB0-4A9F-891E-5120668A1983} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.73.106.456/fr/go/help.faq.installer?LastError=1618
Task: {7DD06E53-9549-4331-BB0A-6D6E2C14DEEC} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {7E5932C8-FA6F-4D54-A6A9-ADB35FACFAAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {85DB4F51-2494-4B7E-8805-28CDDD0E97C3} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {93331F64-DAF6-4E7E-9026-E66E3A99784F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-27] (Adobe Systems Incorporated)
Task: {98CC6DF4-B4E2-4E06-A24C-9CE23077D375} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-07] (COMODO)
Task: {9D9C3B88-7239-4B0F-A114-EA3E58ED0EEF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-04] (Facebook Inc.)
Task: {A23519E5-6B57-4738-AFEF-6C3DB8349AA3} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {B9ED65F4-1934-4AA5-8F59-785B06F63C85} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-07] (AVAST Software)
Task: {BDC98A27-4479-4895-87B4-973C59EE3C00} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-06-07] (COMODO)
Task: {C7D27329-AA88-44B8-920E-2A8D9F25AF61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-05-27] (Adobe Systems Incorporated)
Task: {CB5177DB-AA28-4053-A7D5-445069118665} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-05-29] (Microsoft Corporation)
Task: {E9643065-3623-4705-80E9-7768E8D8B0E6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {EC6CD308-5F6E-4ABB-BEE1-67EC45B68F9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation)
Task: {EFAD98CC-CDB9-4447-B4CC-80FB77478FAC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-05-29] (Microsoft Corporation)
Task: {F4D8BC0E-7F13-4144-B2C7-A5E5BEB38989} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F7F5F030-281F-47D2-9989-D0998FE3D874} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-06-07] (COMODO)

(Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000Core.job => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3561402276-1669811274-1820601791-1000UA.job => C:\Users\Utilisateur\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Raccourcis =============================

(Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.)

==================== Modules chargés (Avec liste blanche) ==============

2012-11-03 17:18 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2015-01-06 17:35 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-08 21:18 - 2016-06-08 21:18 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\16060801\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2016-06-07 09:53 - 2016-06-07 09:53 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-07 10:45 - 2016-06-07 10:45 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\517f6ac3a3d9fbdb4380859f99108c77\IsdiInterop.ni.dll
2011-10-13 17:38 - 2010-09-13 21:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-05-29 23:11 - 2016-05-11 07:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-29 23:11 - 2016-05-11 07:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Avec liste blanche) =========

(Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]

 

[needhelp51]

AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FlyUsb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\adwcleaner_5.119.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\rkill.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\RogueKiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\RogueKiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Downloads\iExplore (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Downloads\iExplore.exe:$CmdZnID [26]

==================== Mode sans échec (Avec liste blanche) ===================

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.)


==================== Association (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.)


==================== Internet Explorer sites de confiance/sensibles ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.)


==================== Hosts contenu: ===============================

(Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.)

2009-07-13 22:34 - 2016-06-08 21:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Autres zones ============================

(Actuellement, il n'y a pas de correction automatique pour cette section.)

HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Le Pare-feu is disabled.

==================== MSCONFIG/TASK MANAGER éléments désactivés ==

(Actuellement, il n'y a pas de correction automatique pour cette section.)


==================== RèglesPare-feu (Avec liste blanche) ===============

(Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.)

FirewallRules: [{70969C10-61F7-42B4-BDC8-917270BE7C33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B13AA4C6-50D3-420B-9874-6E867BD24A1E}] => (Allow) LPort=2869
FirewallRules: [{30124E73-E94B-4911-83FC-022D4E216A5E}] => (Allow) LPort=1900
FirewallRules: [{8440651C-DF0A-4C6E-8E37-96F8593DD308}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{169C2CCE-9D71-4877-AC67-F9C167B8D0F0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{40568FC8-A3B6-4A37-AA7D-B5C368482A62}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{384BDA83-03FC-4DA2-A2A0-C35753D2F809}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{8F3D6905-F581-4331-B6DA-913AEA8DB8F1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{B2A22939-E23E-4006-9798-63D77C326712}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{54DBB9B5-1C85-4D6B-883D-3563BAFA2B1F}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{008DA9DB-506E-4009-B9FF-3908242C07BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05445CCC-06E2-4E35-AD7F-BCDF5E870CCF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{23D09075-C973-43AA-858B-7A4C17A0781D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E3DA6737-5D93-46B0-A626-6F413DA73308}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F8C006C5-BD5A-40FC-98B3-0E3D0F6235EE}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{13F8D7A2-8E77-45DA-A4A7-BCEB2B5627AD}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{91F9A524-CBAB-489D-854F-DAA7FC3B1F86}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{CE244355-C11B-48CF-91EE-BC57539E4F1B}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{B983845B-2CE1-4F19-8E91-44AC321E0FB4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{85B68524-E70B-400E-8F9C-530793C13874}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{EB0D8EE0-E5B3-4019-B922-FACF62C46601}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{C28C110B-89D1-40A4-BEE2-01EB778D41F6}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{2084BC90-62DF-45F4-B596-67E1BFD5E8E6}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxlscn.exe
FirewallRules: [{4AA0E4CD-E65C-4E7B-A5D7-40915FF8D4A3}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxlscn.exe
FirewallRules: [TCP Query User{5AA57B40-3449-49C9-B73D-AA1CFD8C650F}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe] => (Block) C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe
FirewallRules: [UDP Query User{2BF6D17C-CC83-4080-A2CB-98BE2D666B2C}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe] => (Block) C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe
FirewallRules: [{90A44C2F-BADF-4E20-A83D-BA5D4F587800}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8E1769DB-83BB-46D5-ABCA-B69BF5649CA1}] => (Allow) C:\Users\Utilisateur\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E02370DC-8CCF-4CB7-89F1-01A6C5BD28CC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{02E1BBC2-1E9F-4FD2-AB41-D03F13827A15}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{424DD0A4-874C-43DC-A29B-9205B2E0653C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1BC162E7-C5E3-43F1-9FAE-B174ADA7C96D}] => (Allow) C:\Users\Utilisateur\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A29D3A15-CF04-4F87-81F9-4CAD08045542}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{95C89E5B-B61B-44E3-AA32-977FCA9E02F5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{04C4AD87-280D-46D6-AF84-361E6FDC194D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{152620B7-1684-496D-8448-7A836E99906F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Points de restauration =========================

06-01-2016 07:52:29 Windows Update
07-01-2016 08:40:25 Windows Update
08-01-2016 07:51:31 Windows Update
09-01-2016 17:33:05 Windows Update
10-01-2016 11:22:50 Windows Update
12-01-2016 09:13:48 Windows Update
13-01-2016 09:16:07 Windows Update
14-01-2016 09:21:46 Windows Update
15-01-2016 14:41:23 Windows Update
15-01-2016 15:08:54 Windows Update
15-01-2016 21:49:46 Windows Update
19-01-2016 08:17:32 Windows Update
20-01-2016 08:17:21 Windows Update
21-01-2016 08:34:59 Windows Update
22-01-2016 07:55:43 Windows Update
24-01-2016 19:45:52 Windows Update
25-01-2016 08:49:55 Windows Update
26-01-2016 12:51:22 Windows Update
27-01-2016 08:44:34 Windows Update
28-01-2016 13:11:53 Windows Update
29-01-2016 07:53:38 Windows Update
01-02-2016 08:00:22 Windows Update
02-02-2016 07:52:51 Windows Update
03-02-2016 08:08:40 Windows Update
04-02-2016 08:46:35 Windows Update
05-02-2016 07:54:46 Windows Update
08-02-2016 10:56:44 Windows Update
12-02-2016 07:56:33 Windows Update
15-02-2016 00:06:05 Windows Update
17-02-2016 07:57:54 Windows Update
20-02-2016 14:09:50 Windows Update
26-02-2016 11:21:21 Windows Update
29-02-2016 08:15:21 Windows Update
14-03-2016 13:03:18 Windows Update
14-03-2016 14:08:24 Windows Update
01-04-2016 09:47:16 Windows Update
01-04-2016 10:41:07 Windows Update
11-04-2016 09:28:12 Windows Update
11-04-2016 09:38:51 Installed H&R Block 2015 1.13
18-04-2016 10:48:45 Windows Update
27-05-2016 09:54:05 Windows Update
29-05-2016 23:17:51 Windows Update
07-06-2016 23:10:41 JRT Pre-Junkware Removal
08-06-2016 21:17:43 Windows Update

==================== Éléments en erreur du Gestionnaire de périphériques =============


==================== Erreurs du Journal des événements: =========================

Erreurs Application:
==================
Error: (06/08/2016 10:53:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme FRST64.exe version 6.6.2016.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 1b48

Heure de début : 01d1c1f9f4f85eb1

Heure de fin : 15

Chemin d’accès de l’application : C:\Users\Utilisateur\Desktop\FRST64.exe

ID de rapport :

Error: (06/08/2016 10:52:07 PM) (Source: MsiInstaller) (EventID: 1024) (User: AUTORITE NT)
Description: Produit : Microsoft Office « Démarrer en un clic » 2010 - La mise à jour ‘Update for Microsoft Office 2010 (KB2986257) 32-Bit Edition’ n’a pas pu être installée. Code d’erreur 1603. Windows Installer peut créer des journaux pour faciliter la résolution des éventuelles erreurs d’installation des packages logiciels. Utilisez le lien suivant pour afficher des instructions concernant l’activation des journaux : http://go.microsoft.com/fwlink/?LinkId=23127

Error: (06/08/2016 10:08:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6334

Error: (06/08/2016 10:08:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6334

Error: (06/08/2016 10:08:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2016 10:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5320

Error: (06/08/2016 10:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5320

Error: (06/08/2016 10:08:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2016 10:08:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4259

Error: (06/08/2016 10:08:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4259


Erreurs système:
=============
Error: (06/08/2016 10:52:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/08/2016 09:54:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

Error: (06/08/2016 09:52:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Le chargement de \??\C:\ComboFix\catchme.sys a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel pour obtenir une version compatible du pilote.

Error: (06/08/2016 09:44:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Le service PEVSystemStart est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.

Error: (06/08/2016 09:16:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service PlugPlay.

Error: (06/07/2016 11:07:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service GREGService n’a pas pu démarrer en raison de l’erreur :
%%1053

Error: (06/07/2016 11:07:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service GREGService.

Error: (06/07/2016 11:06:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Garmin Core Update Service n’a pas pu démarrer en raison de l’erreur :
%%1053

Error: (06/07/2016 11:06:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Garmin Core Update Service.

Error: (06/07/2016 11:05:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Apple Mobile Device n’a pas pu démarrer en raison de l’erreur :
%%109


CodeIntegrity:
===================================
Date: 2016-06-08 21:52:29.638
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2016-06-08 21:52:29.466
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2014-05-31 23:08:13.611
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Your_name\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

Date: 2014-05-31 23:08:13.502
Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume3\Your_name\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


==================== Infos Mémoire ===========================

Processeur: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Pourcentage de mémoire utilisée: 43%
Mémoire physique - RAM - totale: 5995.86 MB
Mémoire physique - RAM - disponible: 3416.9 MB
Mémoire virtuelle totale: 11989.93 MB
Mémoire virtuelle disponible: 5294.68 MB

==================== Lecteurs ================================

Drive c: (Acer) (Fixed) (Total:451.66 GB) (Free:275.28 GB) NTFS

==================== MBR & Table des partitions ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 37E1A04C)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

==================== Fin de Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[needhelp51]

Here is the fixlog :

Résultats de correction de Farbar Recovery Scan Tool (x64) Version:06-06-2016
Exécuté par Utilisateur (2016-06-08 23:08:27) Run:1
Exécuté depuis C:\Users\Utilisateur\Desktop
Profils chargés: Utilisateur (Profils disponibles: Utilisateur)
Mode d'amorçage: Normal
==============================================

fixlist contenu:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - Pas de fichier
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2013-11-06 11:44 - 2013-11-06 11:44 - 0000066 _____ () C:\Users\Utilisateur\AppData\Roaming\mbam.context.scan
2012-03-25 07:47 - 2012-03-25 07:49 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-11-04 20:06 - 2012-11-04 20:06 - 0000252 _____ () C:\ProgramData\FastPics.log
2015-01-02 15:19 - 2015-01-02 15:19 - 0000178 _____ () C:\ProgramData\lxdx.log
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FlyUsb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\adwcleaner_5.119.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\JRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\rkill.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\RogueKiller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Utilisateur\Desktop\RogueKiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Downloads\iExplore (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Utilisateur\Downloads\iExplore.exe:$CmdZnID [26]
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]


*****************

 

[needhelp51]

Fixlog part 2:

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => clé supprimé(es) avec succès
"HKU\S-1-5-21-3561402276-1669811274-1820601791-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => clé supprimé(es) avec succès
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valeur restauré(es) avec succès
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => valeur supprimé(es) avec succès
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => clé supprimé(es) avec succès
"HKCR\PROTOCOLS\Handler\livecall" => clé supprimé(es) avec succès
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => clé non trouvé(e).
"HKCR\PROTOCOLS\Handler\msnim" => clé supprimé(es) avec succès
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => clé non trouvé(e).
catchme => service supprimé(es) avec succès
C:\Users\Utilisateur\AppData\Roaming\mbam.context.scan => déplacé(es) avec succès
C:\ProgramData\ArcadeDeluxe5.log => déplacé(es) avec succès
C:\ProgramData\FastPics.log => déplacé(es) avec succès
C:\ProgramData\lxdx.log => déplacé(es) avec succès
"C:\Windows\system32\wdigest.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\webcheck.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WebClnt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wininet.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\winload.efi" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\winload.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\winresume.efi" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\winresume.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WinSetupUI.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\winsrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wksprt.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMADMOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMADMOE.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMALFXGFXDSP.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wmdrmsdk.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wmp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wmploc.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wmpmde.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMSPDMOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMSPDMOE.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMVDECOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMVENCOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMVSDECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMVSENCD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\WMVXENCD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wow64.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wow64cpu.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wow64win.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wpdshext.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wu.upgrade.ps.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wuapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wuapp.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wuauclt.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wuaueng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wucltux.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wudriver.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wups.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wups2.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wuwebv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\adtschema.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\advapi32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\apisetschema.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\apphelp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\appidapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\asycfilt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\atmfd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\atmlib.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\AudioEng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\AUDIOKSE.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\AudioSes.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\auditpol.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\authui.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\bcryptprimitives.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\blackbox.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\catsrvut.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\certcli.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\cewmdm.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\COLORCNV.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\comctl32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\comsvcs.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\CPFilters.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\credssp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\cryptbase.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\cryptsp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\cryptui.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\d3d10warp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\davclnt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\dciman32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\devenum.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\diskperf.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\drmmgrtn.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\drmv2clt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\dwmapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\dwmcore.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\DWrite.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\dxmasf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\dxtmsft.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\dxtrans.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\EncDec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\evr.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\explorer.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ExplorerFrame.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\FlashPlayerApp.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\fontsub.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\gdi32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ieapfltr.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\iedkcs32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ieetwproxystub.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ieframe.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\iernonce.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\iertutil.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\iesetup.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ieui.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ieUnatt.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\inetcpl.cpl" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\InkEd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\inseng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\instnm.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\jscript.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\jscript9.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\jscript9diag.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\jsproxy.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\KBDAZE.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\KBDAZEL.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\kbdgeoqw.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\kerberos.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\kernel32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\KernelBase.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ksproxy.ax" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ksuser.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\logman.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\lpk.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mfds.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mferror.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mfplat.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mfpmp.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mfps.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mfvdsp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MFWMAAEC.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MP3DMOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MP43DECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MP4SDECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MPG4DECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msaudite.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msctf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msdxm.ocx" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msfeeds.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mshtml.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MshtmlDac.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mshtmled.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mshtmlmedia.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msmpeg2adec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msmpeg2vdec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msnetobj.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msobjs.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msorcl32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msrating.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msscp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mstscax.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msv1_0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msxml3.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msxml3r.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msxml6.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\msxml6r.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\mtxoci.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ncrypt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ncsi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\nlaapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\nlsbres.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\notepad.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ntdll.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ntkrnlpa.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ntoskrnl.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ntvdm64.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\occache.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ole32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\poqexec.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\qasf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\qdvd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\qedit.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\quartz.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\rdvidcrl.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\relog.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\rpcrt4.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\rrinstaller.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\scesrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\schannel.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\sdbinst.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\sechost.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\secur32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\setup16.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\shell32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\shimeng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\spwmp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\srclient.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\sspicli.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\tracerpt.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\tsgqec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\TSpkg.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\typeperf.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\tzres.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\ubpm.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\urlmon.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\user.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\user32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\usp10.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\vbscript.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\VIDRESZR.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wdi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wdigest.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\webcheck.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WebClnt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WindowsCodecs.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wininet.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMADMOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMADMOE.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wmdrmsdk.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wmp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMPhoto.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wmploc.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wmpmde.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMSPDMOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMSPDMOE.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMVDECOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMVENCOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMVSDECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMVSENCD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\WMVXENCD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wow32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wpdshext.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wshrm.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wuapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wuapp.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wudriver.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wups.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SysWOW64\wuwebv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\afd.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\appid.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\cng.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\drmk.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\drmkaud.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\FlyUsb.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\ksecdd.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\ksecpkg.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mountmgr.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mrxdav.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mrxsmb.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mrxsmb10.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mrxsmb20.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\ndis.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\ntfs.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\PEAuth.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\portcls.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\tdx.sys" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\Drivers\USBSTOR.SYS" => ":$CmdTcID" ADS non trouvé(e).
"C:\Users\Utilisateur\Desktop\adwcleaner_5.119.exe" => ":$CmdTcID" ADS non trouvé(e).
C:\Users\Utilisateur\Desktop\FRST64.exe => ":$CmdZnID" ADS supprimé(es) avec succès.
"C:\Users\Utilisateur\Desktop\JRT.exe" => ":$CmdTcID" ADS non trouvé(e).
C:\Users\Utilisateur\Desktop\JRT.exe => ":$CmdZnID" ADS supprimé(es) avec succès.
C:\Users\Utilisateur\Desktop\rkill.exe => ":$CmdZnID" ADS supprimé(es) avec succès.
"C:\Users\Utilisateur\Desktop\RogueKiller.exe" => ":$CmdTcID" ADS non trouvé(e).
C:\Users\Utilisateur\Desktop\RogueKiller.exe => ":$CmdZnID" ADS supprimé(es) avec succès.
C:\Users\Utilisateur\Downloads\iExplore (1).exe => ":$CmdZnID" ADS supprimé(es) avec succès.
C:\Users\Utilisateur\Downloads\iExplore.exe => ":$CmdZnID" ADS supprimé(es) avec succès.
"C:\Windows\avastSS.scr" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\explorer.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\grep.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\MBR.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\NIRCMD.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\PEV.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\sed.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SWREG.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SWSC.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\SWXCACLS.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\zip.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\acmigration.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\adtschema.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\advapi32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\aeinv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\aelupsvc.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\aitstatic.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\apisetschema.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\apphelp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\appidapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\appidcertstorecheck.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\appidpolicyconverter.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\appidsvc.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\appinfo.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\appraiser.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\atmfd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\atmlib.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\audiodg.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\AudioEng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\AudioSes.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\audiosrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\auditpol.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\authui.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\basesrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\bcryptprimitives.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\blackbox.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\certcli.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ci.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\COLORCNV.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\comctl32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\CompatTelRunner.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\conhost.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\consent.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\CPFilters.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\credssp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\cryptbase.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\cryptsp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\cryptui.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\csrsrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\d3d10warp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\davclnt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\dciman32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\devenum.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\devinv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\diskperf.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\drmmgrtn.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\drmv2clt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\dwmapi.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\dwmcore.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\DWrite.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\dxmasf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\dxtmsft.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\dxtrans.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\EncDec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\EncDump.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\evr.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ExplorerFrame.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\FntCache.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\fontsub.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\generaltel.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ie4uinit.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieapfltr.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\iedkcs32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieetwcollector.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieetwcollectorres.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieetwproxystub.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieframe.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\iernonce.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\iertutil.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\iesetup.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieui.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ieUnatt.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\inetcpl.cpl" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\InkEd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\inseng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\invagent.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\JavaScriptCollectionAgent.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\jnwmon.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\jscript.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\jscript9.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\jscript9diag.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\jsproxy.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\KBDAZE.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\KBDAZEL.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\kbdgeoqw.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\kerberos.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\kernel32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\KernelBase.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ksproxy.ax" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ksuser.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\logman.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\lpk.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\lsasrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\lsass.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mcmde.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mfds.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mferror.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mfplat.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mfpmp.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mfps.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mfvdsp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MFWMAAEC.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MP3DMOD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MP43DECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MP4SDECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MPG4DECD.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msaudite.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msctf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msdxm.ocx" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msfeeds.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mshtml.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MshtmlDac.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mshtmled.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mshtmlmedia.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msmmsp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msmpeg2adec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MSMPEG2ENC.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msmpeg2vdec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msnetobj.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msobjs.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msrating.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msscp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\MsSpellCheckingFacility.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mstscax.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msv1_0.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msxml3.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msxml3r.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msxml6.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\msxml6r.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\mtxoci.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ncrypt.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\nlasvc.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\nlsbres.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ntdll.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ntoskrnl.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ntvdm64.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\occache.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ole32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\pcadm.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\pcaevts.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\pcalua.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\pcasvc.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\pcawrk.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\poqexec.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\profsvc.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\qasf.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\qdvd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\quartz.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\rdpcorets.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\RdpGroupPolicyExtension.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\rdpudd.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\rdvidcrl.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\relog.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\RESAMPLEDMO.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\rpcrt4.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\rstrui.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\schannel.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\schedsvc.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\sdbinst.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\sechost.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\seclogon.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\secur32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\services.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\setbcdlocale.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\shell32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\shimeng.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\smss.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\spwmp.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\srclient.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\srcore.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\sspicli.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\sspisrv.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\SysFxUI.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\sysmain.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\tracerpt.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\tsgqec.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\TSpkg.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\typeperf.exe" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\tzres.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\ubpm.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\urlmon.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\user32.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\vbscript.dll" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\VIDRESZR.DLL" => ":$CmdTcID" ADS non trouvé(e).
"C:\Windows\system32\wdi.dll" => ":$CmdTcID" ADS non trouvé(e).

==== Fin de Fixlog 23:08:29 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[needhelp51]

Checkup log:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 21.0.0.242
Adobe Reader XI
Mozilla Firefox 34.0.5 Firefox out of Date!
Google Chrome (50.0.2661.102)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

 

[needhelp51]

Farbar log:

Farbar Service Scanner Version: 27-01-2016
Ran by Utilisateur (administrator) on 08-06-2016 at 23:28:49
Running from "C:\Users\Utilisateur\Desktop"
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[needhelp51]

TFC completed.
Sophos came out clean, no log.

 

[Broni]

Update Firefox to the current version.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

==============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

 

[needhelp51]

Great, thanks !

I have two questions:

1- Does comment #3 applies to my situation?

2- WinUpdate had downloaded an update before we began. And it was somehow automatically installed by windows at some point during our work. now I am prompted to reboot to complete that installation. Is it safe to do so?

 

[Broni]

1 - no
2 - yes

Good luck and stay safe