Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013 Ran by Système on 13-06-2013 20:22:04 Running from K:\ Windows 7 Home Premium (X64) OS Language: French Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b] ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe [86016 2011-10-09] () HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-06] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-11] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () HKU\EdoMarie\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd) HKU\EdoMarie\...\Run: [Facebook Update] "C:\Users\EdoMarie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.) 
HKU\EdoMarie\...\RunOnce: [Uninstall C:\Users\EdoMarie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\EdoMarie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [x] HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe /default [154144 2010-07-29] () AppInit_DLLs: [0 ] () Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Start Menu\Programs\Startup\Wireless Connection Manager.lnk ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe (D-Link Corp.) Startup: C:\ProgramData\Start Menu\Programs\Startup\ZDWLan Utility.lnk ShortcutTarget: ZDWLan Utility.lnk -> C:\Program Files (x86)\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe () Startup: C:\Users\EdoMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-30] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-30] (Avira Operations GmbH & Co. 
KG) S2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] () S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [167936 2008-06-26] () S2 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [x] ==================== Drivers (Whitelisted) ==================== S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare) S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG) S3 driverhardwarev2x64; C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [15872 2010-08-30] (CybelSoft) S3 DSDrv4; C:\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [7168 2005-02-13] () S3 DSDrv4; C:\PROGRA~2\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [7168 2005-02-13] () S3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-26] (DT Soft Ltd) S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation) S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [33792 2005-03-09] () S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-10] (ManyCam LLC) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2013-04-26] (Duplex Secure Ltd.) 
S3 VCam_WDM; C:\Windows\System32\DRIVERS\VCam_WDM.sys [104120 2012-05-25] (e2eSoft) S3 catchme; \??\C:\Users\EdoMarie\AppData\Local\Temp\catchme.sys [x] S3 libusb0; system32\drivers\libusb0.sys [x] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x] S2 SBKUPNT; S2 V2iMount; ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== Error(0) reading file: "C:\Windows\System32\ " 2013-06-13 20:21 - 2013-06-13 20:21 - 00000000 ____D C:\FRST 2013-06-13 08:13 - 2013-06-13 08:13 - 00012924 ____A C:\Users\EdoMarie\Desktop\06132013_180646.log 2013-06-13 08:06 - 2013-06-13 08:06 - 00000000 ____D C:\_OTL 2013-06-13 05:58 - 2013-06-13 05:59 - 
00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (7) 2013-06-12 23:50 - 2013-06-13 00:11 - 00000000 ____D C:\Users\EdoMarie\U Torrent 2013-06-12 12:01 - 2013-06-12 12:01 - 04009167 ____A C:\Users\EdoMarie\Desktop\ServicesRepair.exe 2013-06-12 11:30 - 2013-06-12 11:31 - 00355651 ____A (Farbar) C:\Users\EdoMarie\Desktop\FSS.exe 2013-06-12 11:27 - 2013-06-13 08:10 - 00000336 ____A C:\Windows\setupact.log 2013-06-12 11:27 - 2013-06-12 11:27 - 00000820 ____A C:\Windows\PFRO.log 2013-06-12 11:27 - 2013-06-12 11:27 - 00000000 ____A C:\Windows\setuperr.log 2013-06-12 11:13 - 2013-06-12 11:13 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-06-12 11:12 - 2013-06-12 11:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-12 11:12 - 2013-04-04 04:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-06-12 11:08 - 2013-06-12 11:11 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\EdoMarie\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-12 09:34 - 2013-06-12 09:34 - 00816128 ____A C:\Users\EdoMarie\Desktop\RogueKiller.exe 2013-06-12 08:27 - 2013-06-12 08:27 - 00602112 ____A (OldTimer Tools) C:\Users\EdoMarie\Desktop\OTL.exe 2013-06-12 08:22 - 2013-06-12 08:27 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (5) 2013-06-12 05:40 - 2013-06-12 05:40 - 00648201 ____A C:\Users\EdoMarie\Downloads\adwcleaner.exe 2013-06-12 04:15 - 2013-06-12 04:15 - 00001860 ____A C:\Users\maman\Desktop\AD-R.lnk 2013-06-12 04:15 - 2013-06-12 04:15 - 00001860 ____A C:\Users\EdoMarie\Desktop\AD-R.lnk 2013-06-12 03:29 - 2013-06-12 04:10 - 00000000 ____D C:\ZHP 2013-06-12 03:29 - 2013-06-12 03:29 - 00001956 ____A C:\Users\Public\Desktop\ZHPFix.lnk 2013-06-12 03:29 - 2013-06-12 03:29 - 00001829 ____A C:\Users\Public\Desktop\ZHPDiag.lnk 2013-06-12 03:29 - 2013-06-12 03:29 - 00000967 ____A C:\Users\Public\Desktop\MBRCheck.lnk 2013-06-12 03:26 - 2013-06-12 03:26 - 05676095 ____A (Nicolas Coolman ) 
C:\Users\EdoMarie\Downloads\ZHPDiag2.exe 2013-06-12 03:21 - 2013-06-12 03:21 - 00197870 ____A C:\Users\EdoMarie\Downloads\MicrosoftFixit20084.mini.diagcab 2013-06-12 03:09 - 2013-06-12 03:09 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-12 02:47 - 2013-06-12 03:01 - 1047527424 ____A C:\Users\EdoMarie\Downloads\fhd-ttnc720.part1.rar 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\tr-TR 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\th-TH 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\ro-RO 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\he-IL 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\ar-SA 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC 2013-06-12 00:53 - 2010-11-20 05:34 - 00360832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpcvmm.sys 2013-06-12 00:53 - 2010-11-20 05:34 - 00194944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpchbus.sys 2013-06-12 00:53 - 2010-11-20 05:27 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\vpchbuspipe.dll 2013-06-12 00:53 - 2010-11-20 05:25 - 04514816 ____A (Microsoft Corporation) C:\Windows\System32\vpc.exe 2013-06-12 00:53 - 2010-11-20 05:25 - 02264064 ____A (Microsoft Corporation) C:\Windows\System32\VPCWizard.exe 2013-06-12 00:53 - 2010-11-20 05:25 - 01369600 ____A (Microsoft Corporation) C:\Windows\System32\VPCSettings.exe 2013-06-12 00:53 - 2010-11-20 03:37 - 01210368 ____A (Microsoft Corporation) C:\Windows\System32\VMWindow.exe 2013-06-12 00:53 - 2010-11-20 03:37 - 00936448 ____A (Microsoft Corporation) C:\Windows\System32\vmsal.exe 2013-06-12 00:53 - 2010-11-20 03:35 - 00562176 ____A (Microsoft Corporation) C:\Windows\System32\VMCPropertyHandler.dll 2013-06-12 00:53 - 2010-11-20 03:35 - 00095232 ____A (Microsoft Corporation) 
C:\Windows\System32\Drivers\vpcusb.sys 2013-06-12 00:53 - 2010-11-20 03:35 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\vpcnfltr.sys 2013-06-12 00:53 - 2010-11-20 02:52 - 00793600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe 2013-06-12 00:52 - 2013-06-12 00:52 - 17091624 ____A C:\Users\EdoMarie\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu 2013-06-12 00:51 - 2013-06-12 00:51 - 16070039 ____A C:\Users\EdoMarie\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu 2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage 2013-06-12 00:47 - 2013-06-12 00:47 - 01528184 ____A (Microsoft Corporation) C:\Users\EdoMarie\Downloads\GenuineCheck.exe 2013-06-12 00:17 - 2013-05-16 17:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 00:17 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 00:17 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 00:17 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 00:17 - 2013-05-16 16:58 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 00:17 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 00:17 - 2013-05-14 05:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 00:17 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 00:17 - 2013-05-14 01:23 - 02706432 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 00:17 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 23:49 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 23:49 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 23:49 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 23:49 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 23:49 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 23:49 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 23:49 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 23:49 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 23:49 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 23:48 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 23:48 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 23:48 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 23:48 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 23:48 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 23:48 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 23:48 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 23:48 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\certenc.dll 2013-06-11 23:48 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 23:48 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 14:20 - 2013-06-11 14:20 - 01023485 ____A C:\Users\EdoMarie\Downloads\shinod7.zip 2013-06-11 14:15 - 2013-06-11 14:15 - 92391797 ____A C:\Users\EdoMarie\Downloads\gn98.zip 2013-06-11 12:02 - 2013-06-11 12:10 - 00000000 ____D C:\Users\EdoMarie\Downloads\jeu egypte 2013-06-11 12:01 - 2013-06-11 12:10 - 00000000 ____D C:\Users\EdoMarie\Downloads\les visiteurs le jeu 2013-06-11 11:57 - 2013-06-11 12:12 - 32005504 ____A (Microsoft Corporation) C:\Users\EdoMarie\Downloads\setup (5).exe 2013-06-11 11:34 - 2013-06-11 23:51 - 00000000 ____D C:\Users\EdoMarie\Desktop\Titanic une aventure hors du temps 2013-06-10 23:14 - 2013-06-10 23:15 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (6) 2013-06-07 01:43 - 2013-06-07 12:02 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (6) 2013-06-05 11:26 - 2013-06-05 11:26 - 00000779 ____A C:\Users\EdoMarie\Desktop\launcher - Raccourci.lnk 2013-06-05 06:44 - 2013-06-05 06:44 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\2K Games 2013-06-05 04:37 - 2013-06-05 06:16 - 00000000 ____D C:\Users\EdoMarie\Desktop\patch fr mafia 2 2013-06-05 03:27 - 2013-06-05 03:28 - 00000000 ____D C:\watch dogs 2013-06-04 12:21 - 2013-06-04 12:21 - 00000000 ____D C:\Users\EdoMarie\Documents\TikGames 2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\SKIDROW 2013-05-31 05:56 - 2013-05-31 05:56 - 00001960 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk 2013-05-31 05:56 - 2013-05-31 05:56 - 00000000 ____D C:\ProgramData\Visan 2013-05-31 05:56 - 2013-05-31 05:56 - 00000000 ____D C:\ProgramData\HP Photo Creations 2013-05-31 05:56 - 2013-05-31 05:56 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2013-05-31 05:55 - 2013-05-31 05:55 - 
00002281 ____A C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk 2013-05-31 05:55 - 2013-05-31 05:55 - 00001203 ____A C:\Users\Public\Desktop\Achat de consommables - HP Deskjet 1050 J410 series.lnk 2013-05-31 05:54 - 2013-05-31 05:54 - 00000057 ____A C:\ProgramData\Ament.ini 2013-05-31 05:53 - 2013-05-31 05:53 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\HP 2013-05-26 10:58 - 2013-05-26 10:58 - 00000522 ____A C:\Users\EdoMarie\Downloads\D21297DF7C8288382A5113902BEC6FF2207EA11C.torrent 2013-05-26 07:23 - 2013-05-26 07:23 - 00026112 ____A C:\Users\EdoMarie\Downloads\The Last Express v1.02 Multi-Langues.torrent 2013-05-26 06:58 - 2013-05-26 06:59 - 06885984 ____A (http://www.express-files.com/) C:\Users\EdoMarie\Downloads\the_last_express_downloader_fr_133.exe 2013-05-26 06:49 - 2013-05-26 06:52 - 00001614 ____A C:\Users\EdoMarie\Desktop\_le - Raccourci.lnk 2013-05-26 06:42 - 2013-05-26 06:49 - 00001669 ____A C:\Users\EdoMarie\Desktop\ExpressW - Raccourci.lnk 2013-05-26 06:19 - 2013-05-26 06:19 - 00000000 ____D C:\Program Files (x86)\Interplay 2013-05-26 06:06 - 2013-05-26 06:10 - 00000000 ____D C:\Users\EdoMarie\Desktop\last express game 2013-05-26 05:56 - 2013-05-26 05:56 - 00042013 ____A C:\Users\EdoMarie\Downloads\The.Last.Express.Collectors.Edition.FRENCH.KOMONA (1).torrent 2013-05-26 04:08 - 2013-05-26 04:08 - 00014879 ____A C:\Users\EdoMarie\Downloads\T.Expen.2-.torrent 2013-05-26 03:04 - 2013-05-26 04:10 - 00000000 ____D C:\Users\EdoMarie\Desktop\The-Last-Express 2013-05-26 03:01 - 2013-05-26 03:01 - 00042013 ____A C:\Users\EdoMarie\Downloads\The.Last.Express.Collectors.Edition.FRENCH.KOMONA.torrent 2013-05-24 06:44 - 2013-05-24 06:47 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (19) 2013-05-22 11:28 - 2013-05-22 11:28 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (4) 2013-05-22 04:30 - 2013-05-22 04:30 - 00000000 ____D C:\Python25 2013-05-22 04:29 - 2013-05-22 04:29 - 10695680 ____A 
C:\Users\EdoMarie\Downloads\python-2.5.msi 2013-05-22 04:21 - 2013-05-22 04:21 - 00002073 ____A C:\Users\UpdatusUser\Desktop\Blender.lnk 2013-05-22 04:21 - 2013-05-22 04:21 - 00002073 ____A C:\Users\maman\Desktop\Blender.lnk 2013-05-22 04:19 - 2013-05-22 04:19 - 00000000 ____D C:\Program Files (x86)\Blender Foundation 2013-05-22 03:41 - 2013-05-22 03:41 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\Blender Foundation 2013-05-20 02:53 - 2013-05-26 06:51 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (3) 2013-05-20 02:48 - 2013-05-20 02:49 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (17) 2013-05-19 11:23 - 2013-05-19 11:23 - 00206984 ____A C:\Users\EdoMarie\Downloads\Terminator_1_french_dvdrip_evanetlola.exe 2013-05-19 11:22 - 2013-05-19 11:22 - 00007758 ____A C:\Users\EdoMarie\Downloads\Terminator.Edition.Speciale.1984.FRENCH.BRRiP.XViD.AC3-HuSh.torrent 2013-05-19 11:21 - 2013-05-19 11:21 - 00038684 ____A C:\Users\EdoMarie\Downloads\Terminator 1984 French DvDRip Xvid AC3 Empereur-Team.torrent 2013-05-19 05:33 - 2013-05-19 05:33 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (13) 2013-05-18 15:07 - 2013-05-18 15:07 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (16) 2013-05-14 22:41 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-14 22:41 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-14 22:41 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-14 22:41 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-14 22:41 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-14 22:41 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-14 22:41 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) 
C:\Windows\System32\shell32.dll 2013-05-14 22:41 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-14 22:41 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-14 22:41 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-14 22:41 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-14 22:41 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-14 22:41 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-14 22:41 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll ==================== One Month Modified Files and Folders ======= 2013-06-13 20:21 - 2013-06-13 20:21 - 00000000 ____D C:\FRST 2013-06-13 10:07 - 2010-12-08 14:40 - 01304304 ____A C:\Windows\WindowsUpdate.log 2013-06-13 10:05 - 2010-11-27 09:19 - 00751958 ____A C:\Windows\System32\perfh00C.dat 2013-06-13 10:05 - 2010-11-27 09:19 - 00151714 ____A C:\Windows\System32\perfc00C.dat 2013-06-13 10:05 - 2009-07-13 21:13 - 01676872 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-13 09:46 - 2013-01-15 07:31 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-13 09:34 - 2012-04-14 18:17 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-13 09:21 - 2011-10-28 00:11 - 00001108 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2556019261-561236677-3583937948-1000UA.job 2013-06-13 08:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 08:18 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-13 08:18 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-13 
08:13 - 2013-06-13 08:13 - 00012924 ____A C:\Users\EdoMarie\Desktop\06132013_180646.log 2013-06-13 08:11 - 2013-01-15 07:31 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-13 08:10 - 2013-06-12 11:27 - 00000336 ____A C:\Windows\setupact.log 2013-06-13 08:10 - 2011-02-25 10:55 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-13 08:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-13 08:06 - 2013-06-13 08:06 - 00000000 ____D C:\_OTL 2013-06-13 06:09 - 2012-04-13 01:59 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\Paint.NET 2013-06-13 05:59 - 2013-06-13 05:58 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (7) 2013-06-13 05:15 - 2012-01-28 04:48 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\uTorrent 2013-06-13 04:52 - 2011-02-26 03:56 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\CrashDumps 2013-06-13 00:33 - 2011-05-06 23:12 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\vlc 2013-06-13 00:21 - 2011-10-28 00:11 - 00001086 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2556019261-561236677-3583937948-1000Core.job 2013-06-13 00:11 - 2013-06-12 23:50 - 00000000 ____D C:\Users\EdoMarie\U Torrent 2013-06-13 00:00 - 2012-01-28 04:49 - 00000000 ____D C:\Program Files (x86)\uTorrent 2013-06-12 23:50 - 2011-02-25 10:46 - 00000000 ____D C:\users\EdoMarie 2013-06-12 12:01 - 2013-06-12 12:01 - 04009167 ____A C:\Users\EdoMarie\Desktop\ServicesRepair.exe 2013-06-12 11:31 - 2013-06-12 11:30 - 00355651 ____A (Farbar) C:\Users\EdoMarie\Desktop\FSS.exe 2013-06-12 11:27 - 2013-06-12 11:27 - 00000820 ____A C:\Windows\PFRO.log 2013-06-12 11:27 - 2013-06-12 11:27 - 00000000 ____A C:\Windows\setuperr.log 2013-06-12 11:13 - 2013-06-12 11:13 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-06-12 11:13 - 2013-06-12 11:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-12 11:11 - 2013-06-12 11:08 - 10285040 ____A (Malwarebytes Corporation ) 
C:\Users\EdoMarie\Desktop\mbam-setup-1.75.0.1300.exe 2013-06-12 09:34 - 2013-06-12 09:34 - 00816128 ____A C:\Users\EdoMarie\Desktop\RogueKiller.exe 2013-06-12 08:27 - 2013-06-12 08:27 - 00602112 ____A (OldTimer Tools) C:\Users\EdoMarie\Desktop\OTL.exe 2013-06-12 08:27 - 2013-06-12 08:22 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (5) 2013-06-12 08:20 - 2011-05-04 03:11 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\Skype 2013-06-12 08:20 - 2011-02-26 23:49 - 00000000 ____D C:\Users\EdoMarie\Tracing 2013-06-12 08:19 - 2011-03-07 14:17 - 00000000 ____D C:\Windows\Minidump 2013-06-12 05:40 - 2013-06-12 05:40 - 00648201 ____A C:\Users\EdoMarie\Downloads\adwcleaner.exe 2013-06-12 04:15 - 2013-06-12 04:15 - 00001860 ____A C:\Users\maman\Desktop\AD-R.lnk 2013-06-12 04:15 - 2013-06-12 04:15 - 00001860 ____A C:\Users\EdoMarie\Desktop\AD-R.lnk 2013-06-12 04:15 - 2011-06-21 08:37 - 00001860 ____A C:\Users\UpdatusUser\Desktop\AD-R.lnk 2013-06-12 04:10 - 2013-06-12 03:29 - 00000000 ____D C:\ZHP 2013-06-12 04:06 - 2011-06-20 12:47 - 00000000 ____D C:\Program Files (x86)\ZHPDiag 2013-06-12 03:52 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2013-06-12 03:29 - 2013-06-12 03:29 - 00001956 ____A C:\Users\Public\Desktop\ZHPFix.lnk 2013-06-12 03:29 - 2013-06-12 03:29 - 00001829 ____A C:\Users\Public\Desktop\ZHPDiag.lnk 2013-06-12 03:29 - 2013-06-12 03:29 - 00000967 ____A C:\Users\Public\Desktop\MBRCheck.lnk 2013-06-12 03:26 - 2013-06-12 03:26 - 05676095 ____A (Nicolas Coolman ) C:\Users\EdoMarie\Downloads\ZHPDiag2.exe 2013-06-12 03:21 - 2013-06-12 03:21 - 00197870 ____A C:\Users\EdoMarie\Downloads\MicrosoftFixit20084.mini.diagcab 2013-06-12 03:09 - 2013-06-12 03:09 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-12 03:01 - 2013-06-12 02:47 - 1047527424 ____A C:\Users\EdoMarie\Downloads\fhd-ttnc720.part1.rar 2013-06-12 01:34 - 2012-04-14 18:17 - 00692104 ____A (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 01:34 - 2011-10-08 13:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\tr-TR 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\th-TH 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\ro-RO 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\he-IL 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Windows\System32\Drivers\ar-SA 2013-06-12 00:58 - 2013-06-12 00:58 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\th-TH 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ro-RO 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\he-IL 2013-06-12 00:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\ar-SA 2013-06-12 00:52 - 2013-06-12 00:52 - 17091624 ____A C:\Users\EdoMarie\Downloads\Windows6.1-KB958559-x64-RefreshPkg.msu 2013-06-12 00:51 - 2013-06-12 00:51 - 16070039 ____A C:\Users\EdoMarie\Downloads\Windows6.1-KB958559-x86-RefreshPkg.msu 2013-06-12 00:48 - 2013-06-12 00:48 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage 2013-06-12 00:47 - 2013-06-12 00:47 - 01528184 ____A (Microsoft Corporation) C:\Users\EdoMarie\Downloads\GenuineCheck.exe 2013-06-12 00:18 - 2011-03-06 00:00 - 75825640 ____A 
(Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 23:51 - 2013-06-11 11:34 - 00000000 ____D C:\Users\EdoMarie\Desktop\Titanic une aventure hors du temps 2013-06-11 14:20 - 2013-06-11 14:20 - 01023485 ____A C:\Users\EdoMarie\Downloads\shinod7.zip 2013-06-11 14:15 - 2013-06-11 14:15 - 92391797 ____A C:\Users\EdoMarie\Downloads\gn98.zip 2013-06-11 12:12 - 2013-06-11 11:57 - 32005504 ____A (Microsoft Corporation) C:\Users\EdoMarie\Downloads\setup (5).exe 2013-06-11 12:10 - 2013-06-11 12:02 - 00000000 ____D C:\Users\EdoMarie\Downloads\jeu egypte 2013-06-11 12:10 - 2013-06-11 12:01 - 00000000 ____D C:\Users\EdoMarie\Downloads\les visiteurs le jeu 2013-06-11 08:32 - 2013-05-05 04:38 - 00001718 ____A C:\Users\EdoMarie\Desktop\PESEDIT - Raccourci.lnk 2013-06-10 23:47 - 2012-12-14 02:30 - 00000000 ___RD C:\Users\EdoMarie\Desktop\Bureau 2013-06-10 23:15 - 2013-06-10 23:14 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (6) 2013-06-07 12:02 - 2013-06-07 01:43 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (6) 2013-06-07 11:49 - 2012-10-15 15:13 - 00000132 ____A C:\Users\EdoMarie\AppData\Roaming\Adobe PNG Format CS5 Prefs 2013-06-07 00:40 - 2012-03-13 00:37 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\VirtuaTennis2009 2013-06-05 16:02 - 2011-05-17 03:39 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\SoftGrid Client 2013-06-05 11:26 - 2013-06-05 11:26 - 00000779 ____A C:\Users\EdoMarie\Desktop\launcher - Raccourci.lnk 2013-06-05 06:44 - 2013-06-05 06:44 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\2K Games 2013-06-05 06:16 - 2013-06-05 04:37 - 00000000 ____D C:\Users\EdoMarie\Desktop\patch fr mafia 2 2013-06-05 03:28 - 2013-06-05 03:27 - 00000000 ____D C:\watch dogs 2013-06-04 12:21 - 2013-06-04 12:21 - 00000000 ____D C:\Users\EdoMarie\Documents\TikGames 2013-06-03 11:18 - 2013-06-03 11:18 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\SKIDROW 2013-06-03 01:58 - 2013-05-06 10:23 - 00000000 ____D C:\Users\EdoMarie\Desktop\images 
pes ligue des masters , coupes 2013-06-02 02:25 - 2012-08-14 20:53 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\HpUpdate 2013-05-31 05:56 - 2013-05-31 05:56 - 00001960 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk 2013-05-31 05:56 - 2013-05-31 05:56 - 00000000 ____D C:\ProgramData\Visan 2013-05-31 05:56 - 2013-05-31 05:56 - 00000000 ____D C:\ProgramData\HP Photo Creations 2013-05-31 05:56 - 2013-05-31 05:56 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2013-05-31 05:55 - 2013-05-31 05:55 - 00002281 ____A C:\Users\Public\Desktop\HP Deskjet 1050 J410 series.lnk 2013-05-31 05:55 - 2013-05-31 05:55 - 00001203 ____A C:\Users\Public\Desktop\Achat de consommables - HP Deskjet 1050 J410 series.lnk 2013-05-31 05:55 - 2012-08-14 20:49 - 00000000 ____D C:\Program Files (x86)\HP 2013-05-31 05:55 - 2012-08-14 20:45 - 00000000 ____D C:\ProgramData\HP 2013-05-31 05:54 - 2013-05-31 05:54 - 00000057 ____A C:\ProgramData\Ament.ini 2013-05-31 05:54 - 2012-08-14 20:46 - 00000000 ____D C:\Program Files\HP 2013-05-31 05:53 - 2013-05-31 05:53 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\HP 2013-05-30 00:20 - 2011-12-17 10:27 - 00000000 ____D C:\Users\EdoMarie\Documents\cv 2013-05-26 10:58 - 2013-05-26 10:58 - 00000522 ____A C:\Users\EdoMarie\Downloads\D21297DF7C8288382A5113902BEC6FF2207EA11C.torrent 2013-05-26 07:23 - 2013-05-26 07:23 - 00026112 ____A C:\Users\EdoMarie\Downloads\The Last Express v1.02 Multi-Langues.torrent 2013-05-26 06:59 - 2013-05-26 06:58 - 06885984 ____A (http://www.express-files.com/) C:\Users\EdoMarie\Downloads\the_last_express_downloader_fr_133.exe 2013-05-26 06:52 - 2013-05-26 06:49 - 00001614 ____A C:\Users\EdoMarie\Desktop\_le - Raccourci.lnk 2013-05-26 06:51 - 2013-05-20 02:53 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (3) 2013-05-26 06:49 - 2013-05-26 06:42 - 00001669 ____A C:\Users\EdoMarie\Desktop\ExpressW - Raccourci.lnk 2013-05-26 06:19 - 2013-05-26 06:19 - 00000000 ____D C:\Program Files (x86)\Interplay 
2013-05-26 06:10 - 2013-05-26 06:06 - 00000000 ____D C:\Users\EdoMarie\Desktop\last express game 2013-05-26 05:56 - 2013-05-26 05:56 - 00042013 ____A C:\Users\EdoMarie\Downloads\The.Last.Express.Collectors.Edition.FRENCH.KOMONA (1).torrent 2013-05-26 04:10 - 2013-05-26 03:04 - 00000000 ____D C:\Users\EdoMarie\Desktop\The-Last-Express 2013-05-26 04:08 - 2013-05-26 04:08 - 00014879 ____A C:\Users\EdoMarie\Downloads\T.Expen.2-.torrent 2013-05-26 03:01 - 2013-05-26 03:01 - 00042013 ____A C:\Users\EdoMarie\Downloads\The.Last.Express.Collectors.Edition.FRENCH.KOMONA.torrent 2013-05-24 06:47 - 2013-05-24 06:44 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (19) 2013-05-22 11:28 - 2013-05-22 11:28 - 00000000 ____D C:\Users\EdoMarie\Desktop\Nouveau dossier (4) 2013-05-22 04:30 - 2013-05-22 04:30 - 00000000 ____D C:\Python25 2013-05-22 04:29 - 2013-05-22 04:29 - 10695680 ____A C:\Users\EdoMarie\Downloads\python-2.5.msi 2013-05-22 04:21 - 2013-05-22 04:21 - 00002073 ____A C:\Users\UpdatusUser\Desktop\Blender.lnk 2013-05-22 04:21 - 2013-05-22 04:21 - 00002073 ____A C:\Users\maman\Desktop\Blender.lnk 2013-05-22 04:19 - 2013-05-22 04:19 - 00000000 ____D C:\Program Files (x86)\Blender Foundation 2013-05-22 03:41 - 2013-05-22 03:41 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\Blender Foundation 2013-05-21 12:38 - 2011-03-08 04:07 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\Adobe 2013-05-21 11:23 - 2011-03-07 04:07 - 00000000 ____D C:\Users\EdoMarie\AppData\Roaming\Adobe 2013-05-21 02:05 - 2011-02-26 23:28 - 00000000 ____D C:\Users\EdoMarie\AppData\Local\Windows Live 2013-05-20 02:49 - 2013-05-20 02:48 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (17) 2013-05-19 11:23 - 2013-05-19 11:23 - 00206984 ____A C:\Users\EdoMarie\Downloads\Terminator_1_french_dvdrip_evanetlola.exe 2013-05-19 11:22 - 2013-05-19 11:22 - 00007758 ____A C:\Users\EdoMarie\Downloads\Terminator.Edition.Speciale.1984.FRENCH.BRRiP.XViD.AC3-HuSh.torrent 2013-05-19 11:21 - 
2013-05-19 11:21 - 00038684 ____A C:\Users\EdoMarie\Downloads\Terminator 1984 French DvDRip Xvid AC3 Empereur-Team.torrent 2013-05-19 05:33 - 2013-05-19 05:33 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (13) 2013-05-18 15:07 - 2013-05-18 15:07 - 00000000 ____D C:\Users\EdoMarie\Downloads\Nouveau dossier (16) 2013-05-16 17:25 - 2013-06-12 00:17 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-16 17:25 - 2013-06-12 00:17 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-16 16:59 - 2013-06-12 00:17 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-16 16:59 - 2013-06-12 00:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-16 16:58 - 2013-06-12 00:17 
- 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-16 16:58 - 2013-06-12 00:17 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-15 22:30 - 2009-07-13 21:08 - 00032482 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-15 22:30 - 2009-07-13 20:45 - 00295032 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-14 05:14 - 2013-06-12 00:17 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-14 04:23 - 2013-06-12 00:17 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 01:23 - 2013-06-12 00:17 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-14 00:40 - 2013-06-12 00:17 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe Files to move or delete: ==================== C:\Users\EdoMarie\wlsetup-web.exe ==================== Known 
DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-12 00:16:22
Restore point made on: 2013-06-12 00:53:13
Restore point made on: 2013-06-12 03:12:09
Restore point made on: 2013-06-12 03:21:12
Restore point made on: 2013-06-12 03:22:37
Restore point made on: 2013-06-12 03:23:20
Restore point made on: 2013-06-12 03:38:22
Restore point made on: 2013-06-12 03:50:08
Restore point made on: 2013-06-12 04:35:26
Restore point made on: 2013-06-12 08:33:48

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3071.24 MB
Available physical RAM: 2385.14 MB
Total Pagefile: 3069.39 MB
Available Pagefile: 2382.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:451.66 GB) (Free:49.19 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:14 GB) (Free:1.32 GB) NTFS (Disk=0 Partition=1)
Drive f: (HP DJ1050_J410) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:7.41 GB) (Free:3.62 GB) FAT32 (Disk=2 Partition=1)
Drive k: (CLÉ VOITURE) (Removable) (Total:3.73 GB) (Free:2.08 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C7E16395)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 73696420)
Partition 1: (Not Active) - (Size=-5185543680) - (Type=45)
Partition 2: (Not Active) - (Size=892 GB) - (Type=65)
Partition 3: (Not Active) - (Size=779 GB) - (Type=20)
Partition 4: (Not Active) - (Size=26 MB) - (Type=0D)

LastRegBack: 2013-06-13 08:40

==================== End Of Log ============================