SystemLook 30.07.11 by jpshortstuff
Log created at 13:04 on 28/11/2017 by Jean-Marie
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== service ==========

msiserver
Windows Installer
"Ajoute, modifie et supprime des applications fournies en tant que package Windows Installer (*.msi, *.msp, *.appx). Si ce service est désactivé, les services qui en dépendent explicitement ne démarreront pas."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: C:\WINDOWS\system32\msiexec.exe /V
Group: (none)
SafeBoot: Minimal Network
Dependencies:
->rpcss
Dependant Services:
(none)

ezSharedSvc - Unable to open Service Handle.

========== dir ==========

C:\USERS\SY\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ.ZZZ.ZZZ - Unable to find folder.
C:\Documents and Settings\All Users\Application Data\Communications - Unable to find folder.
C:\Documents and Settings\All Users\Application Data\Network - Unable to find folder.

C: - Parameters: "(none)"

---Files---
bootmgr -rahs-- 398156 bytes [08:18 26/07/2012] [03:44 26/07/2012]
BOOTNXT --ahs-- 1 bytes [08:18 26/07/2012] [14:30 02/06/2012]
hiberfil.sys --ahs-- 1535000576 bytes [09:20 26/11/2017] [10:16 27/11/2017]
OS -rahs-- 0 bytes [07:30 05/03/2013] [07:30 05/03/2013]
pagefile.sys --ahs-- 419430400 bytes [09:17 26/11/2017] [06:11 28/11/2017]
Pre_Scan.txt --a---- 7957 bytes [04:29 28/11/2017] [04:52 28/11/2017]
swapfile.sys --ahs-- 268435456 bytes [09:17 26/11/2017] [06:11 28/11/2017]

---Folders---
$RECYCLE.BIN d--hs-- [09:01 28/11/2017]
$Windows.~WS d--h--- [18:24 26/11/2017]
Adferno d------ [14:21 27/11/2017]
AdsFix d------ [04:29 28/11/2017]
AdwCleaner d------ [06:01 28/11/2017]
AMD d------ [11:43 27/11/2017]
Boot d--hs-- [02:02 02/08/2012]
Config.Msi d--hs-- [10:39 28/11/2017]
Cookie Control d------ [14:22 27/11/2017]
Documents and Settings d--hs-- [07:22 26/07/2012]
Ericksystem d------ [19:01 27/11/2017]
ESD d------ [12:45 26/11/2017]
Fcheck d------ [14:16 27/11/2017]
Force Check d------ [14:26 27/11/2017]
Force Login d------ [14:30 27/11/2017]
FRST d------ [11:52 28/11/2017]
HERALOGIC d------ [18:56 27/11/2017]
hp dr-hs-- [11:49 07/01/2013]
inetpub d------ [08:09 27/11/2017]
iolo d------ [11:30 26/11/2017]
logs d------ [11:31 26/11/2017]
NoBot d------ [13:48 27/11/2017]
OneDriveTemp d--h--- [11:08 27/11/2017]
PerfLogs d------ [13:46 29/09/2017]
Pre_Scan d------ [04:25 28/11/2017]
Program Files dr----- [13:46 29/09/2017]
Program Files (x86) d------ [13:46 29/09/2017]
ProgramData d--h--- [13:46 29/09/2017]
Recovery d--hs-- [09:37 27/11/2017]
RegBackup d------ [07:06 28/11/2017]
sources d------ [13:12 26/11/2017]
Startup Control d------ [14:19 27/11/2017]
SWSETUP d-a---- [03:15 02/08/2012]
System Volume Information d--hs-- [09:17 26/11/2017]
SYSTEM.SAV drahs-- [09:57 01/08/2012]
UsbFix d------ [17:57 27/11/2017]
Users dr----- [08:45 29/09/2017]
WebrootDebug d------ [13:51 27/11/2017]
Windows d------ [08:45 29/09/2017]
Windows.old d------ [09:32 27/11/2017]

G: - Parameters: "(none)"

---Files---
adware removal tool by tsa win10 compaq 16nov.txt ------- 226 bytes [11:14 16/11/2017] [11:14 16/11/2017]
AdwCleaner[C0].txt ------- 4481 bytes [12:30 16/11/2017] [08:43 16/11/2017]
adwcleaner_7.0.4.0.exe ------- 8261584 bytes [08:14 16/11/2017] [08:14 16/11/2017]
ClearLNK-16.11.2017_13-29.log ------- 123300 bytes [12:30 16/11/2017] [12:29 16/11/2017]
clearlnk_2.9.0.11.exe ------- 462976 bytes [08:25 16/11/2017] [08:25 16/11/2017]
geek.zip ------- 3005801 bytes [10:26 13/11/2017] [18:19 12/11/2017]
JRT win10 compaq 16 nov.txt ------- 1179 bytes [09:09 16/11/2017] [09:09 16/11/2017]
Nuance.Dragon.Pro.Indi.15.00.000.158.rar ------- -371853583 bytes [10:25 13/11/2017] [10:24 12/11/2017]
time.txt ------- 19 bytes [17:22 13/11/2017] [17:22 13/11/2017]
zhpcleaner compaq w10 16 nov.txt ------- 4683 bytes [12:15 16/11/2017] [12:15 16/11/2017]
ZHPCleaner.exe ------- 2971008 bytes [08:17 16/11/2017] [08:17 16/11/2017]
zhpfix results compaq w10 16 nov.txt ------- 5297 bytes [12:22 16/11/2017] [12:22 16/11/2017]
zhpfix script compaq w10 16 nov.txt ------- 17487 bytes [08:35 16/11/2017] [08:35 16/11/2017]
ZHPFix.exe ------- 3061760 bytes [08:21 16/11/2017] [08:21 16/11/2017]

---Folders---
Autorun.inf drahs-- [21:03 27/11/2017]
geek d------ [10:37 13/11/2017]
NMSDCID d------ [17:02 25/11/2017]
Nuance.Dragon.Pro.Indi.15.00.000.158 d------ [10:38 13/11/2017]
PHOTO FAMILY d------ [17:02 25/11/2017]
Quarantine d------ [12:20 16/11/2017]
ReviverSoft.PC.Reviver.2.16.1.2.Portable d------ [10:43 13/11/2017]
System Volume Information d--hs-- [14:05 11/11/2017]

P: - Parameters: "(none)"

---Files---
README.diskdefines ------- 237 bytes [10:14 27/06/2017] [23:03 19/07/2016]
md5sum.txt ------- 23431 bytes [10:20 27/06/2017] [23:05 19/07/2016]
casper-rw ------- 1782579200 bytes [15:19 02/11/2017] [15:19 02/11/2017]
ldlinux.sys ------- 69632 bytes [10:25 27/06/2017] [10:25 27/06/2017]
ldlinux.c32 ------- 122308 bytes [10:25 27/06/2017] [10:25 27/06/2017]
SmartClean.ini ------- 448 bytes [10:25 27/06/2017] [10:25 27/06/2017]
starburn.txt ------- 2879 bytes [07:07 14/10/2017] [11:39 03/09/2016]
BOOTEX.LOG ------- 15410 bytes [17:11 11/07/2017] [11:28 10/10/2017]
pp.key ------- 8192 bytes [07:07 14/10/2017] [08:47 03/01/2016]
autorun.inf ---hs-- 8192 bytes [21:11 23/07/2017] [21:11 23/07/2017]
2016-01-01 (4).AVI ------- 399736832 bytes [07:04 14/10/2017] [16:29 03/01/2016]
2016-01-01 (5).AVI ------- 884736 bytes [07:05 14/10/2017] [16:29 03/01/2016]
2016-01-01 (1).AVI ------- 65536 bytes [07:05 14/10/2017] [16:29 03/01/2016]
2015-12-31 (2).AVI ------- 706084864 bytes [07:05 14/10/2017] [16:12 03/01/2016]
réparer windows 7 sans perdre des données avec iso et dvd.pdf ------- 1717254 bytes [07:07 14/10/2017] [15:44 09/09/2016]
creee-en-1959-la-poupee-barbie-a-toujours-autant-de-succes-photo-rl-1439655987.jpg ------- 1279955 bytes [07:07 14/10/2017] [14:58 10/06/2016]
240¬ de plus à payer avec le 1ère logiciel Cewbé d (1).txt ------- 830 bytes [07:07 14/10/2017] [16:29 03/01/2016]
Macache Bonneau Clipboard (1).txt ------- 1317 bytes [07:07 14/10/2017] [15:56 03/01/2016]
pp (1).key ------- 8192 bytes [07:07 14/10/2017] [15:56 03/01/2016]
time (1).txt ------- 20 bytes [07:07 14/10/2017] [15:56 03/01/2016]
240¬ de plus à payer avec le 1ère logiciel Cewbé d.txt ------- 830 bytes [07:07 14/10/2017] [09:19 03/01/2016]
Macache Bonneau Clipboard.txt ------- 1317 bytes [07:07 14/10/2017] [08:47 03/01/2016]
time.txt ------- 19 bytes [07:07 14/10/2017] [17:22 13/11/2017]
aimer-dvd-creator-intel_full335.dmg ------- 62168080 bytes [07:07 14/10/2017] [23:31 02/01/2016]
aimer-video-converter-intel_full265.dmg ------- 44314993 bytes [07:08 14/10/2017] [23:31 02/01/2016]
aimer-video-pro_full432.exe ------- 21681496 bytes [07:08 14/10/2017] [23:31 02/01/2016]
aimer-video-converter_setup_full68.exe ------- 1239552 bytes [07:08 14/10/2017] [23:31 02/01/2016]
aimer-video-ultimate_full129.exe ------- 45682060 bytes [07:08 14/10/2017] [23:31 02/01/2016]
aimer-mac-video-studio-express_full700.dmg ------- 60733178 bytes [07:08 14/10/2017] [23:31 02/01/2016]
aimer-video-studio-express_full701.exe ------- 61243876 bytes [07:08 14/10/2017] [23:30 02/01/2016]
Akvzn3HKZzU&autoplay=0 ------- 5898 bytes [07:08 14/10/2017] [23:30 02/01/2016]
Akvzn3HKZzU&autoplay=0(2) ------- 5900 bytes [07:08 14/10/2017] [23:30 02/01/2016]
Akvzn3HKZzU&autoplay=0(3) ------- 5890 bytes [07:08 14/10/2017] [23:30 02/01/2016]
android_root.exe ------- 18023288 bytes [07:09 14/10/2017] [23:30 02/01/2016]
2015-12-31 (3).AVI ------- 452952064 bytes [07:00 14/10/2017] [16:16 03/01/2016]
2015-12-31 (4).AVI ------- 171048960 bytes [07:01 14/10/2017] [16:18 03/01/2016]
2015-12-31 (1).AVI ------- 30932992 bytes [07:02 14/10/2017] [16:18 03/01/2016]
2016-01-01 (2).AVI ------- 470450176 bytes [07:02 14/10/2017] [16:22 03/01/2016]
2016-01-01 (3).AVI ------- 449970176 bytes [07:03 14/10/2017] [16:26 03/01/2016]
CyberLink_PowerProducer_Downloader.exe ------- 967200 bytes [07:09 14/10/2017] [23:30 02/01/2016]
adwcleaner_5.027.exe ------- 1745920 bytes [07:09 14/10/2017] [23:30 02/01/2016]
CyberLink_Power2Go_Downloader.exe ------- 1299304 bytes [07:09 14/10/2017] [23:30 02/01/2016]
CyberLink_Media_Suite_Downloader.exe ------- 1031608 bytes [07:09 14/10/2017] [23:30 02/01/2016]
CyberLink_PowerDirector_Downloader.exe ------- 1031608 bytes [07:09 14/10/2017] [23:30 02/01/2016]
CyberLink_PowerDVD_Downloader.exe ------- 1031608 bytes [07:09 14/10/2017] [23:30 02/01/2016]
PortableApps.com_Platform_Setup_12.2.paf.exe ------- 3793168 bytes [07:10 14/10/2017] [23:28 02/01/2016]
android_root-1.exe ------- 18023288 bytes [07:10 14/10/2017] [23:28 02/01/2016]
clueful_log.txt ------- 876 bytes [07:10 14/10/2017] [23:28 02/01/2016]
Err Kernel Fuseau Origan Macarons Domino.zip ------- -1984284077 bytes [07:10 14/10/2017] [23:28 02/01/2016]
Erreur Kernel Fuseau Origan Macarons Domino.docx ------- 6701 bytes [07:15 14/10/2017] [23:28 02/01/2016]
Erreur Kernel Fuseau Origan Macarons Domino.txt ------- 1350 bytes [07:15 14/10/2017] [23:21 02/01/2016]
kr-stock-conf ------- 80 bytes [07:15 14/10/2017] [23:13 02/01/2016]
Erreur Kernel Fuseau Origan Macarons Domino.doc ------- 21504 bytes [07:15 14/10/2017] [23:08 02/01/2016]
Erreur Kernel Fuseau Origan Macarons Domino.pdf ------- 27137 bytes [07:15 14/10/2017] [23:08 02/01/2016]
la folie mirc-mirc avec lynnlo, léa, sonia et amélie.mp4 ------- 160450188 bytes [07:16 14/10/2017] [05:13 13/12/2014]

---Folders---
System Volume Information d------ [10:14 27/06/2017]
.disk d------ [10:14 27/06/2017]
EFI d------ [10:14 27/06/2017]
boot d------ [10:14 27/06/2017]
casper d------ [05:25 31/07/2017]
dists d------ [10:20 27/06/2017]
install d------ [10:20 27/06/2017]
syslinux d------ [10:20 27/06/2017]
pics d------ [10:20 27/06/2017]
pool d------ [10:20 27/06/2017]
preseed d------ [10:20 27/06/2017]
FOUND.000 d------ [11:28 10/10/2017]
Avatar d------ [07:07 14/10/2017]
pilpa 2 - pitmann playthrough - souvenir chez stine & lix le quadrige d------ [07:02 14/10/2017]
jean-marie.carribon@wanadoo.fr's Online Sync d------ [07:03 14/10/2017]
l'art du moine du wa miss dessert de widen, du ou quel tritoir nadia winiccyx, & du ou cewbélink power2ccyx d------ [07:03 14/10/2017]
AoaoPhoto Digital Studio d------ [07:03 14/10/2017]
YouCam d------ [07:07 14/10/2017]
iSkysoft iMedia Converter Deluxe d------ [07:07 14/10/2017]
Wondershare Filmora d------ [07:07 14/10/2017]
Notes d------ [07:07 14/10/2017]
IMAGE (2) d------ [07:07 14/10/2017]
LOST.DIR (2) d------ [07:07 14/10/2017]
IMAGE (1) d------ [07:07 14/10/2017]
LOST.DIR (1) d------ [07:07 14/10/2017]
Playlists d------ [07:07 14/10/2017]
Mail Orange d------ [07:07 14/10/2017]
Video d------ [07:07 14/10/2017]
kinguserdown d------ [07:07 14/10/2017]
Music d------ [07:07 14/10/2017]
Ringtones d------ [07:07 14/10/2017]
Image d------ [07:07 14/10/2017]
AI_RecycleBin d------ [14:19 11/08/2017]
My Documents d------ [07:07 14/10/2017]
Documents d------ [16:01 23/07/2017]
Nouveau dossier d------ [07:02 14/10/2017]
lin d------ [07:02 14/10/2017]
My Stationery d------ [07:03 14/10/2017]
LOST.DIR d------ [07:07 14/10/2017]
Download d------ [07:16 14/10/2017]
DCIM d------ [07:17 14/10/2017]
CyberShot d------ [07:18 14/10/2017]
cleanmaster d------ [07:18 14/10/2017]
wondershare d------ [07:20 14/10/2017]
stromaé - promiscuous d------ [07:20 14/10/2017]
Pictures d------ [07:21 14/10/2017]
image_cache d------ [07:21 14/10/2017]
Kingroot d------ [07:21 14/10/2017]
Download (2) d------ [07:21 14/10/2017]
fr.lcl.android.customerarea d------ [07:21 14/10/2017]
Download (1) d------ [07:21 14/10/2017]
CyberLink Power2Go 11 Essentials setup d------ [07:21 14/10/2017]
for de la rever'nifk - cyberlink freewares installers d------ [07:21 14/10/2017]
pilpa 1 - apps quand ou droopy fin li'lis pire framo 2009 parodié en tri'toir de brugnon-ultra-hush d------ [07:32 14/10/2017]
Nouveau dossier (2) d------ [07:47 14/10/2017]
NMSDCID d------ [17:02 25/11/2017]
PHOTO FAMILY d------ [17:02 25/11/2017]

R: - Parameters: "(none)"

---Files---
shell.efi ------- 683904 bytes [06:05 08/11/2017] [03:52 09/12/2014]
shellia32.efi ------- 683936 bytes [06:05 08/11/2017] [09:35 19/09/2015]
shellx64.efi ------- 771136 bytes [06:05 08/11/2017] [09:35 19/09/2015]
memdisk ------- 26140 bytes [06:05 08/11/2017] [16:29 06/10/2014]
info ------- 5 bytes [06:05 08/11/2017] [13:08 07/09/2014]
cdrom.ico ------- 354862 bytes [06:05 08/11/2017] [11:56 22/07/2014]
cat.c32 ------- 1652 bytes [06:05 08/11/2017] [16:29 06/10/2014]
chain.c32 ------- 24560 bytes [06:05 08/11/2017] [16:29 06/10/2014]
cmenu.c32 ------- 3688 bytes [06:05 08/11/2017] [16:29 06/10/2014]
gfxboot.c32 ------- 10408 bytes [06:05 08/11/2017] [16:29 06/10/2014]
ifcpu.c32 ------- 4112 bytes [06:05 08/11/2017] [16:29 06/10/2014]
ifcpu64.c32 ------- 1736 bytes [06:05 08/11/2017] [16:29 06/10/2014]
ifplop.c32 ------- 1912 bytes [06:05 08/11/2017] [16:29 06/10/2014]
libcom32.c32 ------- 186500 bytes [06:05 08/11/2017] [16:29 06/10/2014]
libgpl.c32 ------- 66524 bytes [06:05 08/11/2017] [16:29 06/10/2014]
libmenu.c32 ------- 24132 bytes [06:05 08/11/2017] [16:29 06/10/2014]
libutil.c32 ------- 24148 bytes [06:05 08/11/2017] [16:29 06/10/2014]
linux.c32 ------- 4660 bytes [06:05 08/11/2017] [16:29 06/10/2014]
localboot.c32 ------- 1252 bytes [06:05 08/11/2017] [16:29 06/10/2014]
mboot.c32 ------- 10772 bytes [06:05 08/11/2017] [16:29 06/10/2014]
menu.c32 ------- 26596 bytes [06:05 08/11/2017] [16:29 06/10/2014]
poweroff.c32 ------- 1664 bytes [06:05 08/11/2017] [16:29 06/10/2014]
reboot.c32 ------- 1376 bytes [06:05 08/11/2017] [16:29 06/10/2014]
syslinux.c32 ------- 7588 bytes [06:05 08/11/2017] [16:29 06/10/2014]
vesamenu.c32 ------- 27104 bytes [06:05 08/11/2017] [16:29 06/10/2014]
whichsys.c32 ------- 2460 bytes [06:05 08/11/2017] [16:29 06/10/2014]
SARDU - Multiboot Builder.url ------- 121 bytes [06:05 08/11/2017] [20:22 19/02/2017]
syslinux-6.03.txt ------- 0 bytes [06:05 08/11/2017] [13:44 14/05/2017]
syslinux.cfg ------- 1066 bytes [06:05 08/11/2017] [06:05 08/11/2017]
7-zip.dll ------- 49664 bytes [06:20 08/11/2017] [03:00 08/11/2017]
license-pro.txt ------- 18121 bytes [06:20 08/11/2017] [03:05 08/11/2017]
SARDU_1 ------- 24770815 bytes [06:20 08/11/2017] [03:00 08/11/2017]
time.txt ------- 19 bytes [17:22 13/11/2017] [17:22 13/11/2017]

---Folders---
System Volume Information d------ [13:22 06/11/2017]
efi d------ [06:03 08/11/2017]
SARDU d------ [06:04 08/11/2017]
boot d------ [06:04 08/11/2017]
.disk d------ [06:05 08/11/2017]
Extra d------ [06:05 08/11/2017]
CFG d------ [06:08 08/11/2017]
ISO d------ [06:08 08/11/2017]
languages d------ [06:20 08/11/2017]
log d------ [06:20 08/11/2017]
Temp d------ [06:20 08/11/2017]
tools d------ [06:20 08/11/2017]
PHOTO FAMILY d------ [17:01 25/11/2017]
NMSDCID d------ [17:02 25/11/2017]
Autorun.inf drahs-- [21:03 27/11/2017]

v: - Parameters: "(none)"

---Files---
None found.

---Folders---
Autorun.inf drahs-- [21:03 27/11/2017]

========== regfind ==========

Searching for "winlogon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\ReflectionApplications\winlogon.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Winlogon]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Wlclntfy]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Windows-Winlogon]
"EventMessageFile"="%SystemRoot%\system32\winlogon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Winlogon]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wlclntfy]
"EventMessageFile"="%SystemRoot%\System32\winlogon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-Winlogon]
"EventMessageFile"="%SystemRoot%\system32\winlogon.exe"

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser]
(Unable to open key - key not found)

[HKEY_CURRENT_USER\Software\?? ?? ???? ????? ??? ?? ????]
(Unable to open key - key not found)

========== filefind ==========

Searching for "*CCleaner*"
C:\Program Files (x86)\atomicware\atomiccleaner3\atomiccleaner3.exe --a---- 2030592 bytes [13:46 27/11/2017] [18:58 03/11/2016] 951AB06BED9FDA9A9C39AB637FE07753
C:\Program Files (x86)\atomicware\atomiccleaner3\atomiccleaner3_.log --a---- 7182 bytes [17:03 27/11/2017] [17:19 27/11/2017] D12787BAEDA588D61603783914FA56A1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\atomiccleaner3.lnk --a---- 1315 bytes [13:46 27/11/2017] [13:46 27/11/2017] 6ED4747BEB8CAE93A164353308CC2706
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\atomiccleaner3.lnk --a---- 1315 bytes [13:46 27/11/2017] [13:46 27/11/2017] 6ED4747BEB8CAE93A164353308CC2706
C:\Users\Jean-Marie\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_atomicware_atomiccleaner3_atomiccleaner3_exe --a---- 4246 bytes [14:43 27/11/2017] [14:43 27/11/2017] D85E26675B529DD21B3BF11D54F1DF78
C:\Users\Jean-Marie\Desktop\LFS Hyper-100% Sécurisé-Cewbé Suite 19.16\atomiccleaner3.lnk --a---- 1303 bytes [13:46 27/11/2017] [13:46 27/11/2017] 9167A06F80D6E4A1573FF73CDD95FFE8
C:\Users\Jean-Marie\Desktop\LoadTool - Téléchargement\CCleaner.exe --a---- 4965896 bytes [19:34 27/11/2017] [06:31 28/11/2017] 9AE4C48DB6D9EB7D060C71AB1AABF5F0
C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\atomiccleaner3.lnk --a---- 1315 bytes [13:46 27/11/2017] [13:46 27/11/2017] 6ED4747BEB8CAE93A164353308CC2706

Searching for "*CCleaner.exe*"
C:\Users\Jean-Marie\Desktop\LoadTool - Téléchargement\CCleaner.exe --a---- 4965896 bytes [19:34 27/11/2017] [06:31 28/11/2017] 9AE4C48DB6D9EB7D060C71AB1AABF5F0

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 3894968 bytes [13:42 29/09/2017] [13:42 29/09/2017] 4312C7F7CA8CC13A475CB150EEB5F35E
C:\Windows\System32\explorer.exe --a---- 3477128 bytes [13:42 29/09/2017] [13:42 29/09/2017] 51BF1A2C033F61A7CF665244731D6C8E
C:\Windows\SysWOW64\explorer.exe --a---- 3477128 bytes [13:42 29/09/2017] [13:42 29/09/2017] 51BF1A2C033F61A7CF665244731D6C8E
C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.16299.15_none_74a0d304eae0e1e9\explorer.exe --a---- 3894968 bytes [13:42 29/09/2017] [13:42 29/09/2017] 4312C7F7CA8CC13A475CB150EEB5F35E
C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.16299.15_none_7ef57d571f41a3e4\explorer.exe --a---- 3477128 bytes [13:42 29/09/2017] [13:42 29/09/2017] 51BF1A2C033F61A7CF665244731D6C8E
C:\Windows.old\Windows\explorer.exe --a---- 2380440 bytes [23:14 25/07/2012] [04:49 26/07/2012] 928791755FDDEA721B053535EF84FA17
C:\Windows.old\Windows\SysWOW64\explorer.exe --a---- 2114936 bytes [23:11 25/07/2012] [03:50 26/07/2012] 5B6ED1B57DBFF18D405A0260559B571E
C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe --a---- 2380440 bytes [23:14 25/07/2012] [04:49 26/07/2012] 928791755FDDEA721B053535EF84FA17
C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe --a---- 2114936 bytes [23:11 25/07/2012] [03:50 26/07/2012] 5B6ED1B57DBFF18D405A0260559B571E

Searching for "atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_f2fe4bdd6cb0f450\atapi.sys --a---- 28568 bytes [13:41 29/09/2017] [13:41 29/09/2017] 6191B9B2EE0E8CB957C683B9B341CC86
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.16299.15_none_0024540c92ae41c6\atapi.sys --a---- 28568 bytes [13:41 29/09/2017] [13:41 29/09/2017] 6191B9B2EE0E8CB957C683B9B341CC86

Searching for "CertLock"
No files found.

Searching for "ZeroAccess"
No files found.

Searching for "Optimizer Pro"
No files found.

Searching for "ByteFence"
C:\ProgramData\AVAST Software\Avast\Cache\InstallLocation\ByteFence --a---- 230 bytes [13:34 27/11/2017] [13:34 27/11/2017] EAC691D84A202EB1CEEA5DE3203E54D7
C:\ProgramData\AVAST Software\Avast\SWCUData\Cache\InstallLocation\ByteFence --a---- 278 bytes [13:11 26/11/2017] [09:58 27/11/2017] 749268DC71F99D22CB2844B069048CFC
C:\Users\All Users\AVAST Software\Avast\Cache\InstallLocation\ByteFence --a---- 230 bytes [13:34 27/11/2017] [13:34 27/11/2017] EAC691D84A202EB1CEEA5DE3203E54D7
C:\Users\All Users\AVAST Software\Avast\SWCUData\Cache\InstallLocation\ByteFence --a---- 278 bytes [13:11 26/11/2017] [09:58 27/11/2017] 749268DC71F99D22CB2844B069048CFC
C:\Windows.old\Users\All Users\AVAST Software\Avast\Cache\InstallLocation\ByteFence --a---- 230 bytes [13:34 27/11/2017] [13:34 27/11/2017] EAC691D84A202EB1CEEA5DE3203E54D7
C:\Windows.old\Users\All Users\AVAST Software\Avast\SWCUData\Cache\InstallLocation\ByteFence --a---- 278 bytes [13:11 26/11/2017] [09:58 27/11/2017] 749268DC71F99D22CB2844B069048CFC

========== file ==========

C:\Program Files\ByteFence - Unable to find/read file.
C:\Program Files (x86)\ByteFence - Unable to find/read file.
C:\USERS\SY\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\ZZZZZZZZZZZZZZZZ.ZZZ.ZZZ - Unable to find/read file.
C:\Windows\system32\lsass.exe - Unable to find/read file.
C:\Windows\System32\spoolsv.exe - Unable to find/read file.

P:\ldlinux.c32 - File found and opened.
MD5: 7D485AB19E5F072E0B7C19B93F95E3A0
Created at 10:25 on 27/06/2017
Modified at 10:25 on 27/06/2017
Size: 122308 bytes
Attributes: -------
No version information available.

P:\ldlinux.sys - File found and opened.
MD5: 1A26D01BEFAB10A93343D621ED36D8A2
Created at 10:25 on 27/06/2017
Modified at 10:25 on 27/06/2017
Size: 69632 bytes
Attributes: -------
No version information available.

R:\ldlinux.c32 - Unable to find/read file.
R:\ldlinux.sys - Unable to find/read file.

========== folderfind ==========

Searching for "*CCleaner*"
C:\Program Files (x86)\atomicware\atomiccleaner3 d------ [13:46 27/11/2017]

Searching for "CCleaner"
No folders found.

Searching for "PC Utilities"
No folders found.

Searching for "CertLock"
No folders found.

Searching for "ZeroAccess"
No folders found.

-= EOF =-