OTL logfile created on: 19/10/2013 14:28:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SE7EN\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,50 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 65,08% Memory free
6,99 Gb Paging File | 5,75 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,09 Gb Total Space | 79,72 Gb Free Space | 68,09% Space Free | Partition Type: NTFS
Drive D: | 92,77 Gb Total Space | 92,68 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive E: | 88,13 Gb Total Space | 88,04 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

Computer Name: SE7EN-PC | User Name: SE7EN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/19 14:25:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SE7EN\Desktop\OTL.exe
PRC - [2013/06/23 15:20:01 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/15 08:45:04 | 006,253,160 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/07/05 11:26:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/04/26 21:14:45 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/03/01 15:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/01 15:42:58 | 000,490,656 | ---- | M] (Atheros Communications) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2011/03/01 15:42:54 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
PRC - [2011/03/01 15:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\adminservice.exe
PRC - [2010/12/27 16:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 23:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/11/18 10:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O31413Z\winlogon.exe
PRC - [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O31413Z\service.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Users\SE7EN\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Users\SE7EN\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Users\SE7EN\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/05/06 22:38:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9f104525b1deefddbcff7141c2c08602\WindowsBase.ni.dll
MOD - [2013/05/06 22:36:32 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cd5d6686dd65a70df2bb47350e5565f2\System.Windows.Forms.ni.dll
MOD - [2013/05/06 22:36:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fefab06818fb2664595d1ef8f3d4faf3\System.Runtime.Remoting.ni.dll
MOD - [2013/05/06 22:35:49 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\96f6b52f336da35be955a03e895b332e\System.Web.ni.dll
MOD - [2013/05/06 22:35:35 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d4e82d7d148d82bec5a0099f8c0a9d7c\System.Drawing.ni.dll
MOD - [2013/05/06 22:35:14 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e4be545cbe1875f0f1f2fa20d614b3f9\System.Xml.ni.dll
MOD - [2013/05/06 22:35:04 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\033c4be35e173939c647b9eab467f3ba\System.ni.dll
MOD - [2013/05/06 22:34:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fe70d777535c215f4fe9f9def2b4c815\mscorlib.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/25 09:24:59 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/21 02:30:22 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O31413Z\winlogon.exe
MOD - [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O31413Z\service.exe

========== Services (SafeList) ==========

SRV - [2013/10/08 21:13:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/07/05 11:26:02 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/03/01 15:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/01 15:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010/12/27 16:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2009/11/18 10:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\clwvd.sys -- (clwvd)
DRV - [2011/07/14 07:06:30 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/07/05 23:49:20 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/07/05 22:32:02 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/21 20:14:40 | 002,171,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/04/16 02:37:46 | 000,066,688 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2011/04/16 02:37:46 | 000,033,408 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2011/03/01 15:43:08 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/03/01 15:43:06 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/03/01 15:43:06 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/03/01 15:43:06 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/03/01 15:43:06 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/03/01 15:43:06 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/03/01 15:43:04 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/02/15 11:37:10 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/12/16 11:06:46 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FE48840-1777-2424-A71E-46D3B9C52041}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=airmsd&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyE0D0C0ByDtD0CtB0EtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q&cr=1875633749&ir=
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 EA EE 35 F1 8E CE 01 [binary data]
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=airmsd&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0A0CyE0D0C0ByDtD0CtB0EtN0D0Tzu0CyDzztBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q&cr=1875633749&ir=
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\..\SearchScopes\{2FE48840-1777-2424-A71E-46D3B9C52041}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_frFR539
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SE7EN\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SE7EN\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/23 15:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/23 15:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/08 02:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/23 15:20:16 | 000,000,000 | ---D | M]

[2013/05/08 02:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SE7EN\AppData\Roaming\mozilla\Extensions
[2013/10/07 19:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SE7EN\AppData\Roaming\mozilla\Firefox\Profiles\ljnjszlm.default\extensions
[2013/09/14 16:56:14 | 000,000,000 | ---D | M] (LemurLeap) -- C:\Users\SE7EN\AppData\Roaming\mozilla\Firefox\Profiles\ljnjszlm.default\extensions\firefox@lemurleap.info
[2013/05/08 02:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\NOSIBAY\BUBBLE DOCK\EXTENSIONS\FFSURFMATCH
File not found (No name found) -- C:\USERS\SE7EN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LJNJSZLM.DEFAULT\EXTENSIONS\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
File not found (No name found) -- C:\USERS\SE7EN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LJNJSZLM.DEFAULT\EXTENSIONS\94AE0976-89DF-4347-9771-5371C6E203BF@3796DC63-D06D-4575-A997-9B5C935FE915.COM
File not found (No name found) -- C:\USERS\SE7EN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LJNJSZLM.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
File not found (No name found) -- C:\USERS\SE7EN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LJNJSZLM.DEFAULT\EXTENSIONS\FFXTLBR@MYSEARCHDIAL.COM
File not found (No name found) -- C:\USERS\SE7EN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LJNJSZLM.DEFAULT\EXTENSIONS\WEBBOOSTER@IMINENT.COM.XPI
[2011/09/29 09:16:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/06/23 15:20:07 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/09/29 03:59:56 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:59:56 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/09/29 03:59:56 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/29 03:59:56 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/09/29 03:59:56 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SE7EN\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SE7EN\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SE7EN\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\SE7EN\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\SE7EN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: RealDownloader = C:\Users\SE7EN\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: LemurLeap = C:\Users\SE7EN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlnfdbbladgcmhhamgkioifhbobjaoof\1.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\SE7EN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\SE7EN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T68Z405] C:\Windows\sa-187511.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000..\Run: [T1035055TT4] C:\Windows\system32\884054312630l.exe File not found
O4 - HKU\S-1-5-21-2351959391-2129511627-3988878517-1000..\Run: [T1581511TT4] C:\Windows\System32\340510867285l.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sql.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE9E2CB6-90E1-41BC-9E90-02D75FE9454A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O86068Z\TuxO86068Z.exe") - C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O86068Z\TuxO86068Z.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\Windows\M58151\Ja278153bLay.com") - C:\Windows\M58151\Ja278153bLay.com ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: AlternateShell - 340510867285l.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe
C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/10/19 14:25:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SE7EN\Desktop\OTL.exe [2013/10/19 12:19:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/10/19 03:15:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/10/19 02:52:12 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013/10/19 02:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/10/19 02:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013/10/17 14:54:41 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/10/17 14:54:32 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/10/17 14:54:32 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/10/17 14:54:32 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/10/17 14:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/10/17 14:52:35 | 000,915,368 | ---- | C] (Oracle Corporation) -- C:\Users\SE7EN\Desktop\chromeinstall-7u45.exe [2013/10/11 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\SE7EN\Desktop\ING Direct ce samih 2 echeances_files [2013/10/07 19:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013/10/05 00:15:42 | 000,000,000 | ---D | C] -- C:\Users\SE7EN\AppData\Roaming\DivX [2013/09/23 11:49:27 | 000,000,000 | ---D | C] -- C:\Users\SE7EN\Desktop\appareil [2013/09/23 11:48:31 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\msvbvm60.dll [2013/09/23 11:48:31 | 000,000,000 | RHSD | C] -- C:\Windows\M58151 [2013/09/23 11:48:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\X83567go [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/10/19 
14:32:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2351959391-2129511627-3988878517-1000UA.job [2013/10/19 14:30:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/10/19 14:25:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SE7EN\Desktop\OTL.exe [2013/10/19 14:12:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/19 13:46:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/10/19 12:40:49 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/19 12:40:49 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/19 12:38:28 | 000,704,480 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2013/10/19 12:38:28 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/10/19 12:38:28 | 000,130,754 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2013/10/19 12:38:28 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/10/19 12:34:12 | 000,001,533 | ---- | M] () -- C:\Users\SE7EN\Desktop\Google Chrome.lnk [2013/10/19 12:33:29 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013/10/19 12:33:27 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/10/19 12:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/19 12:33:14 | 2814,566,400 | -HS- | M] () -- C:\hiberfil.sys [2013/10/19 12:31:59 | 000,001,154 | ---- | M] () -- C:\Users\SE7EN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/10/19 12:31:59 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/10/19 12:19:07 | 001,050,644 | ---- | M] () -- C:\Users\SE7EN\Desktop\AdwCleaner.exe [2013/10/18 20:32:00 | 000,001,026 | ---- | M] () 
-- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2351959391-2129511627-3988878517-1000Core.job [2013/10/18 15:46:32 | 000,007,699 | ---- | M] () -- C:\Users\SE7EN\Desktop\justificatif PV POLLUTION 306 SAMIH.pdf [2013/10/18 15:34:02 | 000,007,699 | ---- | M] () -- C:\Users\SE7EN\Desktop\justificatif KIA stationnement genant aeroport.pdf [2013/10/18 15:27:53 | 000,007,700 | ---- | M] () -- C:\Users\SE7EN\Desktop\justificatif PV KIA exces de vitesse.pdf [2013/10/17 14:52:45 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Users\SE7EN\Desktop\chromeinstall-7u45.exe [2013/10/13 00:10:24 | 000,006,043 | ---- | M] () -- C:\Users\SE7EN\Desktop\1376593_723719650976025_2023716035_n.jpg [2013/10/12 21:56:17 | 000,055,360 | ---- | M] () -- C:\Users\SE7EN\Desktop\1235286_230985410387557_971099468_n.jpg [2013/10/12 21:56:07 | 000,052,058 | ---- | M] () -- C:\Users\SE7EN\Desktop\1209119_230985500387548_1603518469_n.jpg [2013/10/11 19:35:19 | 000,056,400 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130103 (1).pdf [2013/10/11 19:31:38 | 000,059,388 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20131002.pdf [2013/10/11 19:31:33 | 000,061,462 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130903.pdf [2013/10/11 19:16:22 | 000,058,908 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130802.pdf [2013/10/11 19:16:16 | 000,056,510 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130702.pdf [2013/10/11 19:16:11 | 000,055,979 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130603.pdf [2013/10/11 19:16:04 | 000,060,041 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130503.pdf [2013/10/11 19:16:00 | 000,057,210 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130404.pdf [2013/10/11 19:15:37 | 000,056,730 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130302.pdf [2013/10/11 19:15:31 | 
000,056,116 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130202.pdf [2013/10/11 19:15:27 | 000,056,400 | ---- | M] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130103.pdf [2013/10/11 18:10:54 | 000,062,671 | ---- | M] () -- C:\Users\SE7EN\Desktop\Declaration annuelle CAF Karim.pdf [2013/10/11 16:49:14 | 000,136,475 | ---- | M] () -- C:\Users\SE7EN\Desktop\ING Direct ce samih 2 echeances.htm [2013/10/08 21:13:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/10/08 21:13:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/10/08 07:50:41 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/10/08 07:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/10/08 07:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/10/08 07:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/10/01 14:47:57 | 000,007,703 | ---- | M] () -- C:\Users\SE7EN\Desktop\PV BMW 2.pdf [2013/10/01 14:47:41 | 000,007,702 | ---- | M] () -- C:\Users\SE7EN\Desktop\PV BMW 1.pdf [2013/10/01 14:05:57 | 001,956,440 | ---- | M] () -- C:\Users\SE7EN\Desktop\IMG_4129.JPG [2013/10/01 14:05:51 | 001,911,321 | ---- | M] () -- C:\Users\SE7EN\Desktop\IMG_4128.JPG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/10/19 14:30:58 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2013/10/19 12:18:38 | 001,050,644 | ---- | C] () -- C:\Users\SE7EN\Desktop\AdwCleaner.exe [2013/10/18 15:46:32 | 000,007,699 | ---- | C] () -- C:\Users\SE7EN\Desktop\justificatif PV POLLUTION 306 SAMIH.pdf [2013/10/18 15:34:02 | 000,007,699 | ---- | C] () -- C:\Users\SE7EN\Desktop\justificatif KIA stationnement genant aeroport.pdf [2013/10/18 15:27:52 
| 000,007,700 | ---- | C] () -- C:\Users\SE7EN\Desktop\justificatif PV KIA exces de vitesse.pdf [2013/10/13 00:10:23 | 000,006,043 | ---- | C] () -- C:\Users\SE7EN\Desktop\1376593_723719650976025_2023716035_n.jpg [2013/10/12 21:56:17 | 000,055,360 | ---- | C] () -- C:\Users\SE7EN\Desktop\1235286_230985410387557_971099468_n.jpg [2013/10/12 21:56:06 | 000,052,058 | ---- | C] () -- C:\Users\SE7EN\Desktop\1209119_230985500387548_1603518469_n.jpg [2013/10/11 19:35:19 | 000,056,400 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130103 (1).pdf [2013/10/11 19:31:37 | 000,059,388 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20131002.pdf [2013/10/11 19:31:32 | 000,061,462 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130903.pdf [2013/10/11 19:16:21 | 000,058,908 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130802.pdf [2013/10/11 19:16:16 | 000,056,510 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130702.pdf [2013/10/11 19:16:11 | 000,055,979 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130603.pdf [2013/10/11 19:16:04 | 000,060,041 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130503.pdf [2013/10/11 19:16:00 | 000,057,210 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130404.pdf [2013/10/11 19:15:37 | 000,056,730 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130302.pdf [2013/10/11 19:15:31 | 000,056,116 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130202.pdf [2013/10/11 19:15:26 | 000,056,400 | ---- | C] () -- C:\Users\SE7EN\Desktop\RELEVES_MLE HANANE KARAOUI_20130103.pdf [2013/10/11 18:10:52 | 000,062,671 | ---- | C] () -- C:\Users\SE7EN\Desktop\Declaration annuelle CAF Karim.pdf [2013/10/11 16:49:12 | 000,136,475 | ---- | C] () -- C:\Users\SE7EN\Desktop\ING Direct ce samih 2 echeances.htm [2013/10/01 14:47:57 | 000,007,703 | ---- | C] () 
-- C:\Users\SE7EN\Desktop\PV BMW 2.pdf [2013/10/01 14:47:41 | 000,007,702 | ---- | C] () -- C:\Users\SE7EN\Desktop\PV BMW 1.pdf [2013/10/01 14:05:36 | 001,956,440 | ---- | C] () -- C:\Users\SE7EN\Desktop\IMG_4129.JPG [2013/10/01 14:05:22 | 001,911,321 | ---- | C] () -- C:\Users\SE7EN\Desktop\IMG_4128.JPG [2013/09/26 23:16:25 | 737,065,664 | ---- | C] () -- C:\Users\SE7EN\Desktop\[www.CpasBien.com] Mon.Pire.Cauchemar.2011.FRENCH.DVDRip.XviD-UTT.avi [2013/09/26 23:16:01 | 733,562,484 | ---- | C] () -- C:\Users\SE7EN\Desktop\[WawaCity.su][PaDa]-GirlsAttitude.avi [2013/09/26 23:15:37 | 732,760,064 | ---- | C] () -- C:\Users\SE7EN\Desktop\[www.Cpasbien.com] Prometheus.2012.TRUEFRENCH.DVDRiP.XviD-SANSDouTE.avi [2013/09/26 23:15:14 | 734,917,192 | R--- | C] () -- C:\Users\SE7EN\Desktop\[www.Cpasbien.me] Memories.Corner.2011.LIMITED.FRENCH.DVDRip.XviD-UTT.avi [2013/09/26 23:14:33 | 739,352,576 | R--- | C] () -- C:\Users\SE7EN\Desktop\[www.Cpasbien.me] The Call 2013 FRENCH BDRiP XviD-CARPEDIEM.avi [2013/09/26 23:13:41 | 1481,566,208 | ---- | C] () -- C:\Users\SE7EN\Desktop\Warm.Bodies.2013.FRENCH.DVDRiP.XViD.AC3-BADBOYS.avi [2013/09/23 11:48:31 | 000,035,840 | -HS- | C] () -- C:\Windows\Ti867285ta.exe [2013/09/23 11:48:31 | 000,035,840 | -HS- | C] () -- C:\Windows\sa-187511.exe [2013/09/23 11:48:31 | 000,035,840 | -HS- | C] () -- C:\Windows\System32\340510867285l.exe [2013/08/04 22:57:02 | 000,423,709 | ---- | C] () -- C:\Users\SE7EN\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013/05/12 18:18:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2013/05/08 02:55:08 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2013/05/08 01:47:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013/05/08 01:38:38 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2013/05/08 01:29:00 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2013/05/08 01:29:00 | 000,000,176 | ---- | C] () -- 
C:\Windows\System32\drivers\RTHDAEQ0.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 23:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/05/08 01:48:03 | 000,000,000 | ---D | M] -- C:\Users\SE7EN\AppData\Roaming\Synaptics [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2013/05/08 01:42:53 | 000,001,566 | ---- | M] () -- C:\Bluetooth.log [2009/06/10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2013/10/19 12:33:14 | 2814,566,400 | -HS- | M] () -- C:\hiberfil.sys [2013/10/19 12:33:16 | 3752,755,200 | -HS- | M] () -- C:\pagefile.sys [2013/10/19 14:30:58 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2013/05/08 01:44:44 | 000,000,184 | ---- | M] () -- C:\setup.log [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [2009/07/14 
06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini [color=#A23BEC]< %PROGRAMFILES%\*. >[/color] [2013/05/08 02:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe [2013/05/08 01:36:03 | 000,000,000 | ---D | M] -- C:\Program Files\AMD APP [2013/05/08 01:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\AMD High-Definition Graphics Driver [2013/09/15 00:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update [2013/05/08 01:44:43 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros [2013/05/08 01:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies [2013/05/08 01:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bluetooth Suite [2013/09/15 00:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour [2013/05/08 01:44:14 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco [2013/10/19 02:51:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files [2013/05/08 02:51:38 | 000,000,000 | ---D | M] -- C:\Program Files\DivX [2010/11/21 02:39:54 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker [2013/10/19 02:52:12 | 000,000,000 | ---D | M] -- C:\Program Files\Enigma Software Group [2013/05/06 22:32:37 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs [2013/09/14 17:07:41 | 000,000,000 | ---D | M] -- C:\Program Files\Google [2013/05/08 01:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard [2013/05/08 01:46:19 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2013/05/08 02:54:03 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2013/09/15 00:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\iPod [2013/09/15 00:13:30 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes [2013/10/17 14:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\Java [2013/05/08 02:28:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft [2013/05/08 02:17:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2013/05/08 02:17:25 | 
000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio [2013/05/08 02:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8 [2013/05/08 02:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works [2013/08/04 23:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2013/10/07 19:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2013/05/08 02:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild [2013/08/04 23:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\PlayerPlus [2013/06/23 15:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\Real [2013/06/23 15:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\RealNetworks [2013/05/08 01:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek [2009/07/14 06:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies [2013/10/19 02:35:50 | 000,000,000 | R--D | M] -- C:\Program Files\Skype [2013/05/08 01:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics [2013/05/08 01:29:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp [2009/07/14 06:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2013/05/08 02:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN [2010/11/21 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender [2010/11/21 02:39:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal [2013/05/08 02:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live [2013/05/08 02:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive [2010/11/21 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail [2010/11/21 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2013/05/06 22:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT [2010/11/21 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer [2010/11/20 23:33:48 | 000,000,000 | ---D | M] -- C:\Program 
Files\Windows Portable Devices [2010/11/21 02:30:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar [2013/05/08 02:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR [2013/09/14 16:42:05 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color] [2009/07/14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\System32\appmgmts.dll [2009/07/14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys [color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color] [2010/11/20 23:29:06 | 
000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe [2010/11/20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009/07/14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys [2009/07/14 01:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/04/26 21:14:45 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/04/26 21:14:45 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/04/26 21:14:45 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color] [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\System32\hidserv.dll [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\winsxs\x86_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_d6829e90e8c23da8\hidserv.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2011/04/26 21:13:50 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/04/26 21:13:50 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/04/26 21:13:50 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/04/26 21:13:50 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010/11/20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [color=#A23BEC]< MD5 for: IMM32.DLL >[/color] [2010/11/20 23:29:20 | 000,118,272 | ---- | M] (Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\System32\imm32.dll [2010/11/20 23:29:20 | 000,118,272 | ---- | M] 
(Microsoft Corporation) MD5=4A8E2F20809CC161107FAA94F6CF2685 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_5e5d8801d8ad160d\imm32.dll [color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color] [2010/11/20 23:29:19 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\System32\kernel32.dll [2010/11/20 23:29:19 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2010/11/20 23:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll [2010/11/20 23:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2010/11/20 23:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys [2010/11/20 23:29:12 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2010/11/20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [color=#A23BEC]< MD5 for: NTFS.SYS >[/color] [2010/11/20 23:29:12 | 001,211,264 | ---- | M] (Microsoft Corporation) 
MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys [2011/04/26 21:13:50 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\System32\drivers\ntfs.sys [2011/04/26 21:13:50 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys [2011/04/26 21:13:50 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2011/04/26 21:13:50 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/04/26 21:13:50 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/04/26 21:13:50 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/04/26 21:13:50 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010/11/20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [color=#A23BEC]< MD5 for: PROQUOTA.EXE 
>[/color] [2010/11/20 23:29:21 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\System32\proquota.exe [2010/11/20 23:29:21 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2010/11/20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll [2010/11/20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2010/11/20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2010/11/20 23:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\System32\spoolsv.exe [2010/11/20 23:29:06 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color] [2010/11/20 23:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll [2010/11/20 23:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2010/11/20 23:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys [2010/11/20 23:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys [2010/11/20 23:29:03 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys [color=#A23BEC]< MD5 for: WININET.DLL >[/color] [2010/11/20 23:29:12 | 000,980,992 | ---- | M] (Microsoft Corporation) MD5=44214C94911C7CFB1D52CB64D5E8368D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll [2011/04/25 09:30:14 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=A1236375B74EA63C75657D564890C436 -- 
C:\Windows\System32\wininet.dll [2011/04/25 09:30:14 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=A1236375B74EA63C75657D564890C436 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_1a68963bbc19635b\wininet.dll [2011/04/25 09:26:27 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=A5B19B240901CAB0C8E7767D2873613E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll [2011/04/25 09:26:27 | 000,981,504 | ---- | M] (Microsoft Corporation) MD5=EDEB2904636B657782F824D8FF97D0B8 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () MD5=3653C2B200CC4FDFEAD0116E13E78103 -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O31413Z\winlogon.exe [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () MD5=3653C2B200CC4FDFEAD0116E13E78103 -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O31413Z\winlogon.exe [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () MD5=3653C2B200CC4FDFEAD0116E13E78103 -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O86068Z\winlogon.exe [2006/10/12 21:56:02 | 000,035,840 | -HS- | M] () MD5=3653C2B200CC4FDFEAD0116E13E78103 -- C:\Users\SE7EN\AppData\Roaming\Microsoft\Windows\Templates\O86068Z\winlogon.exe [2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) 
MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2010/11/20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [color=#A23BEC]< MD5 for: WS2_32.DLL >[/color] [2010/11/20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\System32\ws2_32.dll [2010/11/20 23:29:06 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color] [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2011/07/05 23:09:10 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\ATIDEMGX.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color] [2013/10/07 17:48:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$IAGZPG7.avi [2013/10/08 20:28:17 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$IAQX36B.xlsb [2013/10/07 17:48:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$IHD52RM.avi [2013/10/19 04:02:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$IV8FOUH.exe [2013/07/05 22:02:38 | 737,196,032 | R--- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$RAGZPG7.avi [2013/10/07 23:07:26 | 000,009,254 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$RAQX36B.xlsb [2013/07/23 20:15:22 | 1466,018,982 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$RHD52RM.avi [2013/10/19 02:50:33 | 000,728,960 | ---- | M] (Enigma Software Group USA, LLC.) 
-- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\$RV8FOUH.exe [2013/05/06 22:33:08 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2351959391-2129511627-3988878517-1000\desktop.ini [2009/07/14 06:53:46 | 000,011,304 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013/05/08 02:51:09 | 000,001,026 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351959391-2129511627-3988878517-1000Core.job [2013/05/08 02:51:09 | 000,001,078 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2351959391-2129511627-3988878517-1000UA.job [2013/06/07 22:31:40 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013/06/10 23:11:26 | 000,001,054 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013/06/10 23:11:27 | 000,001,058 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < End of report >